North American Network Operators Group


Re: Why do so few mail providers support Port 587?

  • From: Nils Ketelsen
  • Date: Mon Feb 28 16:55:36 2005

On Sat, Feb 26, 2005 at 03:10:42PM +0100, JP Velders wrote:


> From a "security" stance (well - partly ;D) I always like to emphasize
> that in "The Real World" port 25 is for traffic between MTA's *and*
> submission of mails to the local MTA. So to reduce the chance of one
> of my users abusing an Open Relay and to enforce corporate e-mail
> policies, only port 25 towards our mailserver is open.

I do not know about your E-Mail Policy, but normally it is either allowed
to use an external mailserver or not. If it is allowed, I can as
well allow Port 25 outgoing. If it is not I will block 25 and 587.



> Port 587 on the other hand is meant for "submission" by clients. The
> security implications of allowing my users to contact such a port are
> very very low. If someone won't secure his mailserver on port 587,
> that's something different, but substantially different than if it
> were insecure on port 25...

An interesting theory. What is the substantial difference? For
me the security implications of "allowing the user to bypass our
mailsystem on port 25" and "allowing the user to bypass our mailsystem on
port 587" are not as obvious as they maybe are to you.


Nils