nanog mailing list archives
ingress SMTP
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Wed, 03 Sep 2008 20:34:12 -0400
On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
You're forgetting that 587 *is authenticated, always*.
I'm not sure how that makes much of a difference since the usual spam vector is malware that has (almost) complete control of the machine in the first place.
Well, that depends on MUA design, of course, but it's just been pointed out to me that the RFC says MAY, not MUST.
Oops.
Does anyone bother to run an MSA on 587 and *not* require authentication?
Raises hand. Why would the requirements for authentication be different depending on the port used to connect to the MTA? No matter how a session comes into the MTA (port 25, 465, 587, anything else) and no matter whether it is encrypted or not, the requirement for authentication (which is always available and advertized), is based on a simple policy: - local delivery originating from a non-blacklisted or "internal/customer" address does not require authentication; - relay from "internal/customer" IP Addresses does not require authentication; - any connection from a blacklisted IP requires authentication or no mail will be accepted; - relay from "external/non-customer" IP Addresses requires authentication; Is there a valid reason why a different configuration is justified? As an aside, outbound port 25 traffic is also blocked except from the MTA.
Current thread:
- RE: ingress SMTP, (continued)
- RE: ingress SMTP Skywing (Sep 03)
- Re: ingress SMTP *Hobbit* (Sep 03)
- Re: ingress SMTP Steven Champeon (Sep 03)
- Re: ingress SMTP Robert Bonomi (Sep 03)
- Re: ingress SMTP Alec Berry (Sep 04)
- Re: ingress SMTP Mark Andrews (Sep 04)
- Re: ingress SMTP Alec Berry (Sep 04)
- Re: ingress SMTP Alec Berry (Sep 04)
- Re: ingress SMTP matthew (Sep 03)
- RE: ingress SMTP Justin D. Scott (Sep 03)
- Re: ingress SMTP matthew (Sep 03)
- ingress SMTP Keith Medcalf (Sep 03)
- Re: ingress SMTP Mark Foster (Sep 03)
- Re: ingress SMTP Jeff Kinz (Sep 04)
- Re: ingress SMTP Mark Foster (Sep 04)
- Re: ingress SMTP Jeff Kinz (Sep 04)
- Re: ingress SMTP Simon Waters (Sep 05)
- Re: ingress SMTP Mikael Abrahamsson (Sep 05)
- Re: ingress SMTP Mark Foster (Sep 05)
- Re: ingress SMTP Robert E. Seastrom (Sep 10)
- Re: ingress SMTP Jeff Kinz (Sep 05)
- Re: ingress SMTP Mark Foster (Sep 03)