MM developers,

I'd like to propose a change in MM3's default SMTP client port from port 25 (transport) to port 587 (submission).

Why? From my point of view Mailman is rather a mail component that introduces messages into a mail system than one that sits between MTAs and assists in transporting messages that pass by.

RFC 4409 <http://www.rfc-editor.org/rfc/rfc4409.txt> explicitly defines a submission port (587) for mail systems whose purpose is to accept messages from MUAs:

    However, SMTP is now also widely used as a message *submission*
    protocol, that is, a means for Message User Agents (MUAs) to
    introduce new messages into the MTA routing network. The process
    that accepts message submissions from MUAs is termed a Message
    Submission Agent (MSA).

Apart from doing 'the right thing', what would be the benefit? The RFC gives some ideas in a later section:

    (...) Even when submitted messages are complete, local site policy
    may dictate that the message text be examined or modified in some
    way, e.g., to conceal local name or address spaces. Such
    completions or modifications have been shown to cause harm when
    performed by downstream MTAs -- that is, MTAs after the first-hop
    submission MTA -- and are in general considered to be outside the
    province of standardized MTA functionality.

From my daily work with Mailman the following "modified in some way" tasks come to my mind immediately:

- apply client and content policy that differs from the port 25 anti-spam policy
- add DKIM signatures because it is clear Mailman messages are ORIGINATING from our network

What would we have to do to make port 587 the default port? In section 4 the RFC says an MSA MUST do all of the following:

1. General Submission Rejection Code
2. Ensure All Domains Are Fully-Qualified
3. Require Authentication

To cut it short: 1. and 2. are trivial (at least in Postfix, and I don't know the other MTAs well enough to tell for them too). 3. requires adding SMTP AUTH functionality to Mailman's SMTP client.

How should we implement SMTP AUTH in the MM SMTP client?

I propose that, for a start, plaintext (PLAIN, LOGIN) and shared-secret mechanisms (CRAM-MD5, DIGEST-MD5) should be added to the SMTP client. Those are the ones used most widely in everyday SMTP AUTH. Later implementations could add GSSAPI and EXTERNAL.

If plaintext mechanisms are added we should also consider adding STARTTLS functionality to MM's SMTP client to shield credentials while they are sent in a plaintext authentication session.

p...@rick

--
state of mind
Digitale Kommunikation
http://www.state-of-mind.de

Franziskanerstraße 15, 81669 München
Phone +49 89 3090 4664
Fax +49 89 3090 4666

Amtsgericht München Partnerschaftsregister PR 563
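
An added example, not part of the original message and not Mailman code: a sketch of the submission flow proposed above (port 587, STARTTLS, then SMTP AUTH) using Python's standard smtplib, with a check that refuses PLAIN and LOGIN unless TLS is active. The function names and the preference order are assumptions; DIGEST-MD5 is left out because smtplib ships no authobject for it.

```python
import smtplib
import ssl

PLAINTEXT = {"PLAIN", "LOGIN"}               # password readable on the wire
SUPPORTED = ("CRAM-MD5", "PLAIN", "LOGIN")   # mechanisms smtplib has authobjects for


def advertised_mechanisms(ehlo_reply):
    """Return the SASL mechanisms named on the AUTH line(s) of a raw EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Drop the "250-" / "250 " prefix; accept the legacy "AUTH=" spelling too.
        words = line[4:].replace("=", " ").upper().split()
        if words and words[0] == "AUTH":
            mechs += [m for m in words[1:] if m not in mechs]
    return mechs


def pick_mechanism(mechs, tls_active):
    """First supported mechanism; PLAIN/LOGIN are only usable inside TLS."""
    for mech in SUPPORTED:
        if mech in mechs and (tls_active or mech not in PLAINTEXT):
            return mech
    raise RuntimeError("no acceptable AUTH mechanism (plaintext needs STARTTLS)")


def submit(host, user, password, sender, rcpts, message, port=587):
    """Submit one message to an MSA: EHLO, STARTTLS if offered, AUTH, MAIL."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        tls_active = smtp.has_extn("starttls")
        if tls_active:
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # the AUTH list seen before TLS is discarded
        mechs = smtp.esmtp_features.get("auth", "").upper().split()
        mech = pick_mechanism(mechs, tls_active)
        # smtplib's authobjects read the credentials from these attributes.
        smtp.user, smtp.password = user, password
        smtp.auth(mech, getattr(smtp, "auth_" + mech.lower().replace("-", "_")))
        return smtp.sendmail(sender, rcpts, message)
```

The mechanism is passed to `smtp.auth()` explicitly because `smtp.login()` tries each advertised mechanism in turn, so a failed CRAM-MD5 attempt on an unencrypted session would be followed by PLAIN.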