[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Update to default exit policy



> I know this has been discussed before, but I thought I'd bring it up

> again. The following rules are in the default exit policy and I can't

> see any reason why they would be:

>

> reject *:465

> reject *:587

Are you absolutely positivily sure that you can not misconfigure e-mail MTAs who use smtps (465) and submission (587) to be open relays?

My understanding is from my quick search on this topic is that IF you setup an open relay then that relay can be used regardless of the connection coming through a SSL encrypted connection or a plain-text connection on port 25.

Plain-text (25) or encrypted (465) has nothing to do with authentication, just like you can visit many websites using http (80) and https (443) without actually logging in.

I am not sure having them open by default would be a good thing.

Attachment: signature.asc
Description: This is a digitally signed message part.