[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Update to default exit policy
Dawney Smith schrieb:
> Those are ports used for mail submission, not for mail relay. They wont
> be abused by spammers. ISPs often block their consumer broadband users
> from connecting to port 25 on servers outside of their network, to
> prevent spam. They don't block 465 and 587, because they're not problem
> ports and the point of them is, that you authenticate before sending
> mail, unlike port 25. You wouldn't block port 443 to prevent spammers
> submitting mail via https://mail.google.com/ so why block these ports?
Actually, it is a little more complicated. 465 is just plain
SMTP-over-SSL, so not much different to non-encrypted SMTP on port 25.
(BTW: AFAIR the recommened method for encrypting SMTP is to use port
25 with STARTTLS and not to use a different port, so connections to
port 25 may be encrypted as well.)
Concerning the submission port 587: Originally, the submission port
needed neither to be encrypted, nor did it enforce authentication (see
RfC 2476, http://www.faqs.org/rfcs/rfc2476.html).
Authentication MAY be done before submitting mails.
Only RfC 4409 (which obsoleted 2476) introduced a MUST for
authentication of the sender, but is still quite recent (2006).
AFAIR both RfC make no statement about the encryption of connections
to port 587 for mail submission, although 3207 (STARTTLS) states it
can be useful.
Regards,
Dominik