[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Default Exit Policy

> Just as with SMTP, security [with SMTP-submit] is optional. See
> RFC 4409 for details on the protocol.

4.3.  Require Authentication

   The MSA MUST by default issue an error response to the MAIL command
   if the session has not been authenticated using [SMTP-AUTH], unless
   it has already independently established authentication or
   authorization (such as being within a protected subnetwork).

In other words, SMTP-submit MUST use authentication, but the
authentication may be something as weak as deciding depending on the
IP address.

Folks, unless you are running on a network that allows unauthenticated
SMTP-auth, please allow port 587 in your exit policy.