North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why do so few mail providers support Port 587?

  • From: JP Velders
  • Date: Sat Feb 26 09:11:49 2005

> Date: Thu, 24 Feb 2005 16:08:42 -0500
> From: Nils Ketelsen <[email protected]>
> To: [email protected]
> Subject: Re: Why do so few mail providers support Port 587?

> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
> [ ... ]
> > What can be done to encourage universities and other mail providers
> > with large roaming user populations to support RFC2476/Port 587?

> Give a good reason. That is still the missing part.

>From a "security" stance (well - partly ;D) I always like to emphasize
that in "The Real World" port 25 is for traffic between MTA's *and*
submission of mails to the local MTA. So to reduce the chance of one
of my users abusing an Open Relay and to enforce corporate e-mail
policies, only port 25 towards our mailserver is open.

Port 587 on the other hand is meant for "submission" by clients. The
security implications of allowing my users to contact such a port are
very very low. If someone won't secure his mailserver on port 587,
that's something different, but substantially different than if it
were insecure on port 25...

Now if you turn that around, you see why we opted to support SMTP Auth
on port 587 and have left our legacy mailhub running on port 25 ;)

I have users roaming around the world - on "company" business. And my
users also entertain the same kind of roaming users. Now, if I want to
have my users be able to connect to my mailserver on port 587 from
anywhere in the world, I should also allow guests over here to do the
same to their mailserver on port 587. It works both ways after all ;)

> Nils

Kind regards,
JP Velders