Re: ingress SMTP

• From: Joel Jaeggli
• Date: Wed Sep 10 20:22:43 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Jay R. Ashworth wrote:
> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:
>> On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
>>> You're forgetting that 587 *is authenticated, always*.
>> I'm not sure how that makes much of a difference since the usual spam  
>> vector is malware that has  (almost) complete control of the machine  
>> in the first place.
> 
> Well, that depends on MUA design, of course, but it's just been pointed
> out to me that the RFC says MAY, not MUST. 
> 
> Oops.
> 
> Does anyone bother to run an MSA on 587 and *not* require authentication?

All my normal relay or lack thereof and delivery rules are in place on
my 587 port. Of course muas's and mtas will also do tls as well as
authentication over port 25 where available. I don't sea any reason to
preclude a host that would be allowed to relay via 25 to do so via 587...

Congruent policy makes administration simpler.

> Cheers,
> -- jra

• Follow-Ups:
  • Re: ingress SMTP Robert E. Seastrom

• References:
  • ingress SMTP *Hobbit*
  • Re: ingress SMTP Justin Scott
  • Re: ingress SMTP Jay R. Ashworth
  • Re: ingress SMTP Michael Thomas
  • Re: ingress SMTP Jay R. Ashworth
  • Re: ingress SMTP Nicholas Suan
  • Re: ingress SMTP Jay R. Ashworth

• Prev by Date: Re: Teleglobe appears to be spam-source zombie network?
• Next by Date: Re: Teleglobe appears to be spam-source zombie network?
• Date Index
• Thread Index
• Author Index
• Historical