-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nils Ketelsen wrote: > On Mon, Feb 28, 2005 at 05:13:35PM -0500, [EMAIL PROTECTED] wrote: > > >>On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said: >> >>>An interesting theory. What is the substantial difference? For >>>me the security implications of "allowing the user to bypass our >>>mailsystem on port 25" and ""allowing the user to bypass our mailsystem on >>>port 587" are not as obvious as they maybe are to you. >> >>The big difference is that if they connect on outbound 25, they're basically >>unauthenticated at the other end. Port 587 "should be" authenticated, which >>means that the machine making the connection out is presumably a legitimate >>user of the destination mail server. > > > Okay, the main difference seems to be: > > 1. People here trust, that mailservers on port 587 will have > better configurations than mailservers on port 25 have today. I > do not share this positive attitude.
I truly hope this isn't the case, I don't trust any mail server that I didn't personally configure. > 2. Port 587 Mailservers only make sense, when other Providers block > port 25. My point is: If my ISP blocks any outgoing port, he is no longer > an ISP I will buy service from. Therefore I do not need a 587-Mailserver, > as I do not use any ISP with Port 25-Blocking for connecting my sites or > users. Yes, right up until a) ISPs wise up and start blocking port 587, and then 465 for good measure. or b) malware authors wise up. B will happen sooner. Chris - -- Chris Horry KG4TSM "You're original, with your own path [EMAIL PROTECTED] You're original, got your own way" PGP: DSA/2B4C654E -- Leftfield -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJM9FnAAeGCtMZU4RAvsFAKC5SvTVLS2VffMq2rcp7ZZZt4IGVwCgqbHO 2mSmy8GWV+l3xEzFsBBXp1o= =0wKT -----END PGP SIGNATURE-----