North American Network Operators Group


Re: ingress SMTP

  • From: David Champion
  • Date: Thu Sep 04 10:31:18 2008

> > Well, that depends on MUA design, of course, but it's just been pointed
> > out to me that the RFC says MAY, not MUST.

(That was me.)


> Note that there are TWO relevant RFCs: RFC 4409 and RFC 5068. The latter
> says:
> 
> 3.1.  Best Practices for Submission Operation

Thanks, Tony.  I hadn't taken account of superseding RFCs, and quoted
2476 to Jay.  2476 permits authN without encouraging or requiring it,
but 4409 both obsoletes 2476 and makes authN mandatory, so it's more
even than a best practice.  It's the law, to the extent that two sites
involved in a dispute may or may not consider RFC to be law.

But as I noted privately, sendmail for one enables MSP out of the box
without authentication -- or did the last few times I set it up --
so there's certainly a significant base of systems that at least are
running MSP on 587 without requiring authentication.  In such cases,
blocking ports is just whacking moles, whether you ticket and fine the
moles for violating RFC or not.

-- 
 -D.    [email protected]    NSIT    University of Chicago