North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why do so few mail providers support Port 587?

  • From: Jason Frisvold
  • Date: Fri Feb 25 11:43:06 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=nnmNefs+1xo/kGsCO1oc72J1sdOYbNd5b34+187qClXa8N0qTg68BgPXwv5MUBvzF2QVs5kZvPRfoL+EdDl/nFrR0v9w6S39H00wrN3GodvFQVWvPM32HVPVRCKEhMk4VU9E2+e8hMeeby0phh/do5icC34X+ADfrT1vZvPArjc=

On Fri, 25 Feb 2005 11:17:35 -0500, [email protected] <[email protected]> wrote:
> That's being a bit disingenuous.  The discussion here hasn't been to
> open up port 587 to relay for all comers, but rather to open it up for
> authenticated use only.  If spammers start using it, then it's a result
> of either poor authentication security or an understaffed abuse
> department.  I'll agree with you on one thing, though -- the whole
> business of port 587 is a bit silly overall...why can't the same
> authentication schemes being bandied about for 587 be applied to 25,
> thus negating the need for another port just for mail injection?

Port 587 is intended for authenticated mail relaying only.  While you
can set up authenticated relaying only on port 25, you still have to
deal with spammers sending mail directly to your users on port 25. 
Blocking port 25 outbound from dynamic ips (dialups, dsl, cable, etc)
helps a little bit ..  But then you need an alternate port for
relaying.

I think using port 587 for authorized relaying and port 25 for normal
smtp services works out well.  I can't think of a valid reason to ever
block port 587, and I can't see how spammers will use port 587 for
spamming, unless they have a username/password for relaying..
 
> Andrew

-- 
Jason 'XenoPhage' Frisvold
[email protected]