nanog mailing list archives
Re: Outgoing SMTP Servers
From: Robert Drake <rdrake () direcpath com>
Date: Wed, 26 Oct 2011 01:29:58 -0400
On 10/25/2011 11:17 AM, Owen DeLong wrote:
But that applies to port 25 also, so, I'm not understanding the difference.Other people running open port 587s tends to be quite self-correcting.At this point, so do open port 25s.
The differences is in intentions from the user. All SMTP servers are supposed to accept incoming email to their domain on port 25, if they get a connection from a random IP they can check spf, dkim and dns blacklists but that's all they can do to see the reputation of the sender. Blocking port 25 is an ISP based list of who is allowed to send SMTP.
Port 587 is supposed to only be used for MUA-MTA communications. If mx.hello.com gets a 587 connection from anyone and they say "mail from: <anyone other than hello.com>" the server can drop that as wrong.
Yes it's nasty and dumb, but it works better than spf, DKIM and other technology right now. Maybe spf could be extended into reverse zones and who they're permitted to send mail for (too many ISP's don't let even business users update reverse records), maybe spf or a protocol like it will become required in the future so you know who can be trusted when they connect, or reputation or greylisting will take off, except for having to store reputation about all IP's and all /64s so the database isn't easily maintained. I think spf with dkim (with caveats worked out) would be the best solution but anything that requires a flag day with SMTP basically isn't gonna happen.
Owen
Robert
Current thread:
- Re: Outgoing SMTP Servers, (continued)
- Re: Outgoing SMTP Servers Jeroen van Aart (Oct 25)
- RE: Outgoing SMTP Servers John van Oppen (Oct 26)
- RE: Outgoing SMTP Servers up (Oct 26)
- Re: Outgoing SMTP Servers Mikael Abrahamsson (Oct 24)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Aftab Siddiqui (Oct 25)
- Re: Outgoing SMTP Servers Scott Howard (Oct 26)
- Re: Outgoing SMTP Servers Jeff Kell (Oct 26)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Valdis . Kletnieks (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Robert Drake (Oct 25)
- Re: Outgoing SMTP Servers Dave CROCKER (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Jeroen Massar (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Jeroen Massar (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- Re: Outgoing SMTP Servers Ricky Beam (Oct 25)
- Re: Outgoing SMTP Servers Alex Harrowell (Oct 25)
- Re: Outgoing SMTP Servers Robert Bonomi (Oct 25)