nanog mailing list archives

Re: ingress SMTP


From: "Robert E. Seastrom" <rs () seastrom com>
Date: Thu, 11 Sep 2008 08:02:32 -0400


Joel Jaeggli <joelja () bogus com> writes:

Does anyone bother to run an MSA on 587 and *not* require authentication?

All my normal relay or lack thereof and delivery rules are in place on
my 587 port. Of course MUAs and MTAs will also do TLS as well as
authentication over port 25 where available. I don't see any reason to
preclude a host that would be allowed to relay via 25 to do so via 587...

Congruent policy makes administration simpler.

Counterpoint here:

I do not allow relaying (only local delivery and maybe MX but I think
I'm not doing secondary MX for anyone anymore) over port 25 and I do
not allow authentication over port 25 either.

Likewise, I do not allow unauthenticated local delivery on port 587,
demand STARTTLS on port 587, and generally you have to auth to do anything.

The extra effort required to set this up (exim recipes available) pays
dividends by ensuring that people have their MUAs configured properly
at home - otherwise they won't work at all - and helps avoid whiney
long distance phone calls asking for help from some user who's off in
Bonaire or something.

-r
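
The port 25 / port 587 split described in the message above can be checked from the outside by comparing what each port advertises and accepts. The following is an added example, not part of the original message and not one of the exim recipes it mentions. The transcripts, the host name mx.example.net and the dictionary keys are constructed, and treating AUTH offered before STARTTLS as a failure is this example's reading of "demand STARTTLS".

```python
# Added example: audit captured SMTP replies against the policy in the message:
#   port 25  - no AUTH offered, no relaying
#   port 587 - STARTTLS demanded, nothing accepted without authentication

def ehlo_extensions(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}."""
    exts = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        code, rest = line[:3], line[4:].strip()
        if code != "250" or not rest:
            continue
        word, *params = rest.replace("=", " ", 1).split()  # legacy "AUTH=LOGIN"
        exts[word.upper()] = params
    return exts

def audit(obs):
    """obs maps probe names to captured replies; returns policy violations."""
    p25 = ehlo_extensions(obs["25_ehlo"])
    pre = ehlo_extensions(obs["587_ehlo_plain"])   # before STARTTLS
    post = ehlo_extensions(obs["587_ehlo_tls"])    # after STARTTLS
    problems = []
    if "AUTH" in p25:
        problems.append("port 25 advertises AUTH")
    if not obs["25_rcpt_remote"].startswith("5"):
        problems.append("port 25 accepts relay to a non-local domain")
    if "STARTTLS" not in pre:
        problems.append("port 587 does not offer STARTTLS")
    if "AUTH" in pre:   # assumption: cleartext AUTH means TLS is not demanded
        problems.append("port 587 offers AUTH before STARTTLS")
    if "AUTH" not in post:
        problems.append("port 587 offers no AUTH after STARTTLS")
    if not obs["587_rcpt_local_noauth"].startswith("5"):
        problems.append("port 587 accepts unauthenticated local delivery")
    return problems

# Constructed sample replies for a server that follows the policy.
GOOD = {
    "25_ehlo": "250-mx.example.net Hello\n250-SIZE 52428800\n250 HELP",
    "25_rcpt_remote": "550 relay not permitted",
    "587_ehlo_plain": "250-mx.example.net Hello\n250-STARTTLS\n250 HELP",
    "587_ehlo_tls": "250-mx.example.net Hello\n250-AUTH PLAIN LOGIN\n250 HELP",
    "587_rcpt_local_noauth": "530 authentication required",
}
# Constructed drift: AUTH leaks onto port 25, and 587 delivers without auth.
BAD = dict(GOOD, **{
    "25_ehlo": GOOD["25_ehlo"].replace("250 HELP", "250-AUTH PLAIN LOGIN\n250 HELP"),
    "587_rcpt_local_noauth": "250 Accepted",
})

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD), sep="\n")
```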



