On Mon 28 Jul 2014 at 22:12:09 +0100, Joe wrote: > On Mon, 28 Jul 2014 18:16:23 +0100 > Brian <a...@cityscape.co.uk> wrote: > > > Port 25 then becomes used only for incoming messages to be sent to > > domains the server is responsible for? If so, that doesn't appear any > > different from the present situation. For relaying a login is > > perfectly understanable, but it can be done on port 25 too. What > > makes port 587 necessary? > > Simply to provide a standard port on which authentication is expected > and used, leaving 25 for unauthenticated mail. An email sent to an > arbitrary address will be unauthenticated, because none of us have > authentication credentials for all the world's mail servers. > Unauthenticated mail will be delivered only *to* the domains the > receiving server is authoritative for, or relayed *to* anywhere, but > only *from* domains which are explicitly configured in the server. I > think the very basic Debian setup of exim4 allows the entry of such > permitted relaying domains, and certainly the full configuration file(s) > does so.
Thanks. Due to your post and speed reading an RFC or two I think I now have a better understanding of what the IETF's intentions are. They do not include encouraging the blocking of outbound port 25. However, in an earlier mail https://lists.debian.org/debian-user/2014/07/msg01614.html I said You have to authenticate yourself when you join your ISP's network. No further authentication is needed to use their SMTP server; you are a trusted user so TLS is therefore not required. This is incorrect. I was working off my experience of my ISP's network and my own. It may not be needed but an ISP can require authentication to send mail in spite of knowing a machine is legitimately on its network. The reason for doing it given is generally along the lines of: Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers. Port 587 improves security through the use of required authentication and recommended TLS/SSL encryption. What I do not understand is what prevents the malware (assuming it can signicantly control the machine) from using the same authentication to send spam as before. Isn't this back to square 1? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140731143730.gj19...@copernicus.demon.co.uk