On Mon, Feb 05, 2007 at 09:45:20AM -0800, Michael_google gmail_Gersten wrote:
>> Nope .. 587 is an alternative to 25. Unlike the other two, it's not
>> encrypted.

> Whoops! I've taken that one off my list of ports then.

I'm not sure what was suggested is actually correct. Port 25 is for SMTP relaying, port 587 is for SMTP submission. Port 465 is for SMTP submission with SSL negotiation immediately on connect. Both ports 25 and 587 can do TLS, and generally if 25 does it, 587 will do it too.

Other issues regarding SMTP inside TOR...

If you use either 25 or 587 with TLS, the exit node will still be able to view the plain text value of the "HELO" or "EHLO" sent by the submitting host. This *could* allow, in certain circumstances, the exit node to make a good guess of the originating host, for what that's worth. This is because many MUAs use the hostname or the IP address of your machine in the HELO. If you're behind NAT, that value may just be the RFC1918 address though.

Port 465 doesn't have this problem though, as the entire conversation is encrypted. Assuming the client doesn't accept a bad certificate and leave themselves open to a MITM attack.

For informational purposes, port 465 was hijacked by Microsoft for Outlook when they decided to come up with their own way of doing SMTP SSL. It has recently been assigned by IANA for a "real" service. Check out the port on http://www.iana.org/assignments/port-numbers

> As for blocking IP, I'm dynamic :-).

Many hosts now reject mail from dynamic IP addresses. You might want to perform recipient callouts with rejections during the SMTP conversation, rather than blindly accepting any mail from the TOR network and then generating a bounce when it fails to deliver.

SMTP inside TOR has so many little issues it makes my brain hurt.

Mike
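The two points Mike raises above, as an added example that is not part of the original message or any project's code: a modeled SMTP submission session in which an in-memory "wire" records every line together with whether it was encrypted when it crossed the exit node. Port 465 (implicit TLS) encrypts from the first byte; ports 25/587 negotiate STARTTLS in the clear, so the banner, the client's EHLO argument and the capability list are visible to the exit node. The server also shows rejecting an unknown recipient with a 550 during the session instead of accepting and bouncing later. No real TLS handshake is performed; encryption is modeled as a flag that flips when the STARTTLS exchange completes. The hostnames, the recipient list and the sender address are constructed for this example.

```python
"""Model of an SMTP submission session over Tor: what the exit node sees.

Encryption is modeled as a flag on the wire, not real TLS.  Hostnames and
addresses are constructed for the example.
"""
from dataclasses import dataclass, field

CLIENT_HELO = "desktop.home.example"    # a typical MUA sends its local hostname
SERVER_NAME = "mail.example.net"
KNOWN_RCPTS = {"alice@example.net"}     # what a recipient callout would confirm


@dataclass
class Wire:
    """Records each line plus whether the exit node could read it."""
    encrypted: bool
    log: list = field(default_factory=list)

    def send(self, who, line):
        self.log.append((who, line, self.encrypted))

    def exit_node_view(self):
        """Only the lines that crossed the exit node in the clear."""
        return [f"{who}: {line}" for who, line, enc in self.log if not enc]


class Server:
    """Minimal ESMTP server. mode is 'plain', 'starttls' or 'implicit'."""

    def __init__(self, wire, mode):
        self.wire, self.mode = wire, mode

    def say(self, line):
        self.wire.send("S", line)
        return line

    def greet(self):
        # Banner goes out before any TLS on 25/587: exit node sees MTA identity.
        return self.say(f"220 {SERVER_NAME} ESMTP ready")

    def handle(self, line):
        self.wire.send("C", line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            caps = [f"250-{SERVER_NAME}"]
            if self.mode == "starttls" and not self.wire.encrypted:
                caps.append("250-STARTTLS")
            if self.wire.encrypted:          # never offer AUTH in the clear
                caps.append("250-AUTH PLAIN")
            caps.append("250 8BITMIME")
            return [self.say(c) for c in caps]
        if verb == "STARTTLS":
            reply = self.say("220 Ready to start TLS")
            self.wire.encrypted = True       # TLS handshake would happen here
            return [reply]
        if verb == "MAIL":
            return [self.say("250 OK")]
        if verb == "RCPT":
            addr = arg.upper().removeprefix("TO:") and arg[3:].strip("<>")
            if addr not in KNOWN_RCPTS:
                # Reject inside the session: no bounce is generated afterwards.
                return [self.say("550 5.1.1 No such user here")]
            return [self.say("250 OK")]
        if verb == "QUIT":
            return [self.say("221 Bye")]
        return [self.say("500 Unrecognized command")]


def run_session(mode, recipient):
    """Drive a client through the session; return (wire, recipient_accepted)."""
    wire = Wire(encrypted=(mode == "implicit"))
    srv = Server(wire, mode)
    srv.greet()
    caps = srv.handle(f"EHLO {CLIENT_HELO}")        # in the clear on 25/587
    if any(c.endswith("STARTTLS") for c in caps):
        srv.handle("STARTTLS")
        caps = srv.handle(f"EHLO {CLIENT_HELO}")    # repeated, now encrypted
    srv.handle("MAIL FROM:<bob@example.org>")
    accepted = srv.handle(f"RCPT TO:<{recipient}>")[0].startswith("250")
    srv.handle("QUIT")
    return wire, accepted


def helo_leak(wire):
    """The EHLO/HELO argument the exit node could read, or None."""
    for who, line, enc in wire.log:
        if who == "C" and not enc and line.split(" ", 1)[0].upper() in ("EHLO", "HELO"):
            return line.split(" ", 1)[1]
    return None


if __name__ == "__main__":
    for mode in ("plain", "starttls", "implicit"):
        wire, ok = run_session(mode, "alice@example.net")
        print(f"--- {mode}: exit node sees {len(wire.exit_node_view())} of {len(wire.log)} lines")
        for visible in wire.exit_node_view():
            print("   ", visible)
```

Running it shows that with STARTTLS the exit node still reads the banner, the client's EHLO argument and the capability list, while with implicit TLS it reads nothing; the RCPT branch shows the 550 being returned while the sender is still connected, which is what avoids the backscatter bounce.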