> Date: Mon, 28 Feb 2005 16:54:23 -0500
> From: Nils Ketelsen <[EMAIL PROTECTED]>
> To: nanog@merit.edu
> Subject: Re: Why do so few mail providers support Port 587?
> [ ... ]
> I do not know about your E-Mail Policy, but normally it is either
> allowed to use an ext
I've seen this thread go on for quite a while, and have been getting lots
of "when are you going to shut that thread down?" types of queries.
While not particularly off-topic, a lot of the responses do look pretty
repetative. Therefore, I'd like to suggest that, unless you have
something to say o
J.D. Falk wrote:
On 03/01/05, David Lesher <[EMAIL PROTECTED]> wrote:
Well, I'm no player in this league and ask...
Why will ISP's ""wise up"" and block 587?
If 587 is always auth'ed; then there will be no spam splashback
provoking calls to block it. (Individual customers may get
zombie
On 03/01/05, David Lesher <[EMAIL PROTECTED]> wrote:
> Well, I'm no player in this league and ask...
>
> Why will ISP's ""wise up"" and block 587?
>
> If 587 is always auth'ed; then there will be no spam splashback
> provoking calls to block it. (Individual customers may get
> zombied; b
On Tue, 2005-03-01 at 15:55 -0500, David Lesher wrote:
> In either case, why will the clued ISP's want to block 587?
It's not the clueful ISPs that you need worry about.
-Jim P.
Speaking on Deep Background, the Press Secretary whispered:
>
>
> Yes, right up until a) ISPs wise up and start blocking port 587, and
> then 465 for good measure. or b) malware authors wise up. B will
> happen sooner.
>
> Chris
Well, I'm no player in this league and ask...
Why wil
Chris Horry wrote:
Yes, right up until a) ISPs wise up and start blocking port 587, and
then 465 for good measure. or b) malware authors wise up. B will
happen sooner.
I completely agree, which is why if alternative SMTP injection ports are
being used, some measure of authentication be used to a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nils Ketelsen wrote:
> On Mon, Feb 28, 2005 at 05:13:35PM -0500, [EMAIL PROTECTED] wrote:
>
>
>>On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:
>>
>>>An interesting theory. What is the substantial difference? For
>>>me the security implication
On Tue, 1 Mar 2005 [EMAIL PROTECTED] wrote:
> > I'm skeptical that a model that only sort of works for under 30K ASNs
> > and maybe 1K bilateral peering agreements for the *really* big Tier-1s
> > won't scale to a world that has 40M+ .com domains and probably a million
> > SMTP servers.
>
> Well
On Tue, 1 Mar 2005 [EMAIL PROTECTED] wrote:
> On Tue, 01 Mar 2005 09:18:19 EST, Nils Ketelsen said:
>
> > 2. Port 587 Mailservers only make sense, when other Providers block
> > port 25. My point is: If my ISP blocks any outgoing port, he is no longer
> > an ISP I will buy service from.
>
> Tha
Speaking on Deep Background, the Press Secretary whispered:
>
>
> Okay, the main difference seems to be:
>
> 1. People here trust, that mailservers on port 587 will have
> better configurations than mailservers on port 25 have today. I
> do not share this positive attitude.
Well, is authentica
On Tue, 01 Mar 2005 09:36:35 EST, Nils Ketelsen said:
> I am in the lucky situation, where I decide, which providers my users get.
Even when they're travelling? That's quite the Big-Brother operation you have ;)
pgpkWGlqiZzuB.pgp
Description: PGP signature
On Tue, 1 Mar 2005 09:18:19 -0500, Nils Ketelsen
<[EMAIL PROTECTED]> wrote:
> Okay, the main difference seems to be:
>
> 1. People here trust, that mailservers on port 587 will have
> better configurations than mailservers on port 25 have today. I
> do not share this positive attitude.
I think y
On Tue, 01 Mar 2005 09:18:19 EST, Nils Ketelsen said:
> 2. Port 587 Mailservers only make sense, when other Providers block
> port 25. My point is: If my ISP blocks any outgoing port, he is no longer
> an ISP I will buy service from.
That's not when you need a port 587 server...
>
On Tue, Mar 01, 2005 at 03:25:39PM +0100, Frank Louwers wrote:
> On Tue, Mar 01, 2005 at 09:18:19AM -0500, Nils Ketelsen wrote:
> >
> > 2. Port 587 Mailservers only make sense, when other Providers block
> > port 25. My point is: If my ISP blocks any outgoing port, he is no longer
> > an ISP I w
On Tue, Mar 01, 2005 at 09:18:19AM -0500, Nils Ketelsen wrote:
>
> 2. Port 587 Mailservers only make sense, when other Providers block
> port 25. My point is: If my ISP blocks any outgoing port, he is no longer
> an ISP I will buy service from. Therefore I do not need a 587-Mailserver,
> as I do
On Mon, Feb 28, 2005 at 05:13:35PM -0500, [EMAIL PROTECTED] wrote:
> On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:
> > An interesting theory. What is the substantial difference? For
> > me the security implications of "allowing the user to bypass our
> > mailsystem on port 25" and ""allow
> > No, I am not suggesting a return to the UUCP model. If I
> > was then I would have said that. I am suggesting that
> > we apply the lessons learned from the BGP peering model.
>
> I'm skeptical that a model that only sort of works for under 30K ASNs
> and maybe 1K bilateral peering agreements
> No, I am not suggesting a return to the UUCP model. If I
> was then I would have said that. I am suggesting that
> we apply the lessons learned from the BGP peering model.
I'm skeptical that a model that only sort of works for under 30K ASNs
and maybe 1K bilateral peering agreements for the *rea
> >Because that would require providers to act like professionals,
> >join an Internet Mail Services Association, agree on policies
> >for mail exchange, and require mail peering agreements in
> >order to enable port 25 access to anyone.
>
> Nice in theory, but I don't think it would scale. In e
On Mon, 28 Feb 2005 16:54:23 EST, Nils Ketelsen said:
> An interesting theory. What is the substantial difference? For
> me the security implications of "allowing the user to bypass our
> mailsystem on port 25" and ""allowing the user to bypass our mailsystem on
> port 587" are not as obvious as t
On Sat, Feb 26, 2005 at 03:10:42PM +0100, JP Velders wrote:
> >From a "security" stance (well - partly ;D) I always like to emphasize
> that in "The Real World" port 25 is for traffic between MTA's *and*
> submission of mails to the local MTA. So to reduce the chance of one
> of my users abusing
In message <[EMAIL PROTECTED]>, Sean Donelan
writes:
>Requiring end-user computers to use authenticated Port 587 and blocking
>end-user computers access to port 25 has several advantages:
>
> 2. Lets the authenticated mail server conduct additional
>anti-virus checks on outgoing mail even
At 4:51 PM + 2/25/05, [EMAIL PROTECTED] wrote:
> I'll agree with you on one thing, though -- the whole
business of port 587 is a bit silly overall...why can't the same
authentication schemes being bandied about for 587 be applied to 25,
thus negating the need for another port just for mail
[ This discussion should be moved to Spam-L. ]
On Mon, Feb 28, 2005 at 10:35:53AM +, [EMAIL PROTECTED] wrote:
> You misunderstand me. I believe *LESS* red tape will mean
> better service. Today, an email operator has to deal with
> numerous blacklisting and spam-hunting groups, many of which
On Mon, 28 Feb 2005 10:35:53 GMT, [EMAIL PROTECTED] said:
> You misunderstand me. I believe *LESS* red tape will mean
> better service. Today, an email operator has to deal with
> numerous blacklisting and spam-hunting groups, many of which
> act in secret and none of which have any accountability
> It's time to take this thread to SPAM-L or
> some other spam oriented list.
I strongly disagree. This thread has not been
about spam. For the most part it has dealt with
technical operational issues of email services
and therefore it is right on track for this list.
--Michael Dillon
> > Unfortunately, providers seem to prefer unilateral heavy-handed
> > behavior rather than acting professional. They prefer working out
> > solutions in isolation or in small closed cabals working in secret in
> > backrooms rather than working open to public scrutiny in an
> > association. They
> Internal users: With AUTH - correlate message with authenticated
user,
> then forbid mail transmission for them only. I'd rather do that than
> slog through RADIUS logs. But, hey, maybe if I had more free time...
>
> Increasing the detail of an audit trail doesnt mean anyone will
> a
SD> Date: Sat, 26 Feb 2005 00:24:16 -0500 (EST)
SD> From: Sean Donelan
SD> Sigh, if even the network professionals have difficulty understanding
SD> how things work, what hope is there for the rest of the users.
Funny you should say that. I frequently comment that the average
"service provider"
jm> Date: Fri, 25 Feb 2005 15:13:04 -0800 (PST)
jm> From: just me
jm> Internal users: With AUTH - correlate message with authenticated user,
jm> then forbid mail transmission for them only. I'd rather do that than
jm> slog through RADIUS logs. But, hey, maybe if I had more free time...
On Sat, 26 Feb 2005, Jim Popovitch wrote:
> I am against port blocking as much as the next guy, I just see port 587
> as a disaster waiting to happen. ISP provided email credentials are
> universally transmitted in plain text. If an (insert any ISP here)
> employee can be arrested for selling e
> (as you say, blocking port 587 makes no sense).
Let me get this straight... it makes no sense to block a port that will
allow unlimited relaying of all sorts of malware by only verifying an
easily purchased or stolen username and password?
If someone uses a big-ISP network to forward business
Paul Vixie wrote:
well, in sbc-dsl-land, port 25 and port 587 are blocked, but port 26 gets
through. it seems bizarre that port 587 would ever be blocked
I suspect that was some kind of temporary aberration. SBC started
blocking port 25 in the last two months, and during that time I've
helped at
On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote:
>
> > I'll agree with you on one thing, though -- the whole
> > business of port 587 is a bit silly overall...why can't the same
> > authentication schemes being bandied about for 587 be applied to 25,
> > thus negating the need for another port just
> Date: Thu, 24 Feb 2005 16:08:42 -0500
> From: Nils Ketelsen <[EMAIL PROTECTED]>
> To: nanog@merit.edu
> Subject: Re: Why do so few mail providers support Port 587?
> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
> [ ... ]
> > What can be done
[Note reply-to]
On Fri, Feb 25, 2005 at 02:45:40PM -0500, [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > On Fri, 25 Feb 2005 12:56:50 EST, [EMAIL PROTECTED] said:
> >
> >> Sorry, I misread that. But I still fail to see how 587 changes that.
[snip]
> Yes. Authenticated SMTP makes track
erations & Infrastructure
[EMAIL PROTECTED]
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> just me
> Sent: Friday, February 25, 2005 5:26 PM
> To: Frank Louwers
> Cc: nanog@merit.edu
> Subject: Re: Why do so few mail providers support Po
On Fri, 25 Feb 2005, just me wrote:
> What I disagree with is the constant disingenuous suggestion made
> here that AUTH by itself has any impact on unwanted email. When the
> lights are on, but nobody is home, it doesnt matter how detailed the
> accounting is. And it seems that theres plenty of l
On Fri, 25 Feb 2005, J.D. Falk wrote:
On 02/25/05, just me <[EMAIL PROTECTED]> wrote:
> Increasing the detail of an audit trail doesnt mean anyone will
> automatically use the information in an effective manner.
>
> Without auth, most ISPs could correlate abuse behavior between MTA
On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote:
> Sorry, I misread that. But I still fail to see how 587 changes that.
> Trojans, viruses, etc. etc. etc. can still exploit the authentication
> system regardless of what port it operates on. Different port, same old
> problems.
Sigh, if even the net
And what's an even stranger secret is that MAAWG members get to pay
double the registration fee of non maawg members :) Now that's
openness for you ...
Come on in .. it is the nearest thing to nanog that I've seen for mail
ops people in the NA region (+ quite a lot of the world).
--srs (I like
On 02/25/05, just me <[EMAIL PROTECTED]> wrote:
> On Fri, 25 Feb 2005, Edward B. Dreger wrote:
>
> Internal users: With AUTH - correlate message with authenticated user,
> then forbid mail transmission for them only. I'd rather do that than
> slog through RADIUS logs. But, hey, maybe i
On 02/25/05, [EMAIL PROTECTED] wrote:
> > You might want to check out http://www.maawg.org - at least stateside,
>
> I'm uncomfortable with two aspects of this group.
> First is it's anti-abuse stance. I would prefer to
> see a group that was focussed on services, i.e.
> providing the best emai
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [Fri 25 Feb 2005, 18:13 CET]:
> Unfortunately, providers seem to prefer unilateral heavy-handed
> behavior rather than acting professional. They prefer working out
> solutions in isolation or in small closed cabals working in secret in
> backrooms rather tha
On Fri, 25 Feb 2005, just me wrote:
> Most ISPs don't watch logs for the signs of abuse now, why would
> they magically change their behavior and monitor logs if they
> required auth? Just because there is more of an audit trail doesn't
> mean that it will be used.
Because now the server send
On Fri, 25 Feb 2005, Edward B. Dreger wrote:
Internal users: With AUTH - correlate message with authenticated user,
then forbid mail transmission for them only. I'd rather do that than
slog through RADIUS logs. But, hey, maybe if I had more free time...
Increasing the detail of an audit
On Fri, 25 Feb 2005, Christopher X. Candreva wrote:
On Fri, 25 Feb 2005, just me wrote:
> What are you, stupid? The spammers have drone armies of machines
> with completely compromised operating systems. What makes you think
> that their mail credentials will be hard to obtain?
jm> Date: Fri, 25 Feb 2005 14:25:48 -0800 (PST)
jm> From: just me
jm> What are you, stupid? The spammers have drone armies of machines
jm> with completely compromised operating systems. What makes you think
jm> that their mail credentials will be hard to obtain?
Internal users: With AUTH - corr
On Fri, 25 Feb 2005, just me wrote:
> What are you, stupid? The spammers have drone armies of machines
> with completely compromised operating systems. What makes you think
> that their mail credentials will be hard to obtain?
What are you, stupid ? Run a virus scanner on your mail relay so
On Fri, 25 Feb 2005, Frank Louwers wrote:
The trick is to config port 587 in such a way that it ONLY accepts
smtp-auth mail, not regular smtp.
That way, virii/spam junk won't be able to use that port.
What are you, stupid? The spammers have drone armies of machines
with completely comp
> You might want to check out http://www.maawg.org - at least stateside,
I'm uncomfortable with two aspects of this group.
First is it's anti-abuse stance. I would prefer to
see a group that was focussed on services, i.e.
providing the best email service possible to end-users.
The second thing is
On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote:
> being used on port 25 already. You can do SMTP AUTH just as easily on
> port 25 without having to re-educate your users and still net the same
> simplified tracking procedures that you mention. It sounds to me like
> what we should really be talkin
On Fri, 25 Feb 2005 16:51:31 +, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> > I'll agree with you on one thing, though -- the whole
> > business of port 587 is a bit silly overall...why can't the same
> > authentication schemes being bandied about for 587 be applied to 25,
> > thus nega
[EMAIL PROTECTED] wrote:
> On Fri, 25 Feb 2005 12:56:50 EST, [EMAIL PROTECTED] said:
>
>> Sorry, I misread that. But I still fail to see how 587 changes that.
>> Trojans, viruses, etc. etc. etc. can still exploit the authentication
>> system regardless of what port it operates on. Different por
On Fri, 25 Feb 2005 12:56:50 EST, [EMAIL PROTECTED] said:
> Sorry, I misread that. But I still fail to see how 587 changes that.
> Trojans, viruses, etc. etc. etc. can still exploit the authentication
> system regardless of what port it operates on. Different port, same old
> problems.
It chang
On Fri, 25 Feb 2005 02:30:01 EST, Jim Popovitch said:
> Why not a VPN solution. If you have mail servers that your users need,
> chances are that you also have file servers, internal web servers.
> calender servers, etc.
We're talking ISPs and other "mostly open" providers, not corporate nets.
[EMAIL PROTECTED] wrote:
> Joe Maimon wrote:
>
>> We need 587 because trusted authentication in SMTP does not transit
>> with the message. So there is no way to require authenticated email
>> only from all systems that would be worth a damn.
>
> Local delivery only unless authenticated isn't wor
Joe Maimon wrote:
> We need 587 because trusted authentication in SMTP does not
> transit with the message. So there is no way to require
> authenticated email only from all systems that would be worth
> a damn.
Local delivery only unless authenticated isn't worth a damn? Is this
really that d
On 2/25/2005 11:17 AM, [EMAIL PROTECTED] wrote:
> department. I'll agree with you on one thing, though -- the whole
> business of port 587 is a bit silly overall...why can't the same
> authentication schemes being bandied about for 587 be applied to 25,
> thus negating the need for another port
> I'll agree with you on one thing, though -- the whole
> business of port 587 is a bit silly overall...why can't the same
> authentication schemes being bandied about for 587 be applied to 25,
> thus negating the need for another port just for mail injection?
Because that would require provider
On 2/25/2005 10:51 AM, Nils Ketelsen wrote:
> On Thu, Feb 24, 2005 at 11:36:40PM -0500, [EMAIL PROTECTED] wrote:
> I force anyone, who wants to relay to use SMTP-AUTH on port 25. Only mails
> for local delivery are accepted without AUTH. Whats point
> in opening another port?
There are lots of
On Fri, Feb 25, 2005, Nils Ketelsen wrote:
> It's so funny. On this list many argued Port 25 outgoing must
> be blocked only to notice, that users actually seem to need it to
> send mail. Now we must configure our mailservers to listen on 587 to
> circumvent these filters, that were stupid in the
On Fri, Feb 25, 2005 at 10:47:59AM -0500, Nils Ketelsen wrote:
>
> Now to my prophecy mode: Spammers will start using 587 to spam, which we
> then also all block outgoing, notice again that customers still want to
The trick is to config port 587 in such a way that it ONLY accepts
smtp-auth mai
On Fri, 25 Feb 2005 11:17:35 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> That's being a bit disingenuous. The discussion here hasn't been to
> open up port 587 to relay for all comers, but rather to open it up for
> authenticated use only. If spammers start using it, then it's a result
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
On Thu, Feb 24, 2005 at 04:02:20PM -0700, Smoot Carl-Mitchell wrote:
On Thu, 2005-02-24 at 17:14 -0500, Jim Popovitch wrote:
If supporting one port is y hours of time and headache, then two
ports is closer to y*2 than y (some might a
Nils Ketelsen wrote:
On Thu, Feb 24, 2005 at 11:36:40PM -0500, [EMAIL PROTECTED] wrote:
Well, OK. If you know for a *fact* that your users *never* roam, and you
have sufficiently good control of your IP addresses that you can always safely
decide if a given connection is "inside" or "outside"
[EMAIL PROTECTED] wrote:
> On Thu, Feb 24, 2005 at 04:02:20PM -0700, Smoot Carl-Mitchell wrote:
>
>> On Thu, 2005-02-24 at 17:14 -0500, Jim Popovitch wrote:
>>> If supporting one port is y hours of time and headache, then two
>>> ports is closer to y*2 than y (some might argue y-squared). 587 ha
On Thu, Feb 24, 2005 at 11:36:40PM -0500, [EMAIL PROTECTED] wrote:
> Well, OK. If you know for a *fact* that your users *never* roam, and you
> have sufficiently good control of your IP addresses that you can always safely
> decide if a given connection is "inside" or "outside" and allow them to
On Thu, Feb 24, 2005 at 04:02:20PM -0700, Smoot Carl-Mitchell wrote:
> On Thu, 2005-02-24 at 17:14 -0500, Jim Popovitch wrote:
> > If supporting one port is y hours of time and headache, then two ports
> > is closer to y*2 than y (some might argue y-squared). 587 has some
> > validity for provid
On 2/25/2005 3:16 AM, Adrian Chadd wrote:
>
> [reposting this to nanog, as my answer might be reasonably ontopic]
>
> On Fri, Feb 25, 2005, Brad Knowles wrote:
>
>>At 8:05 AM + 2005-02-25, Adrian Chadd wrote:
>>
Because your MUA doesn't support SSL on what it considers to be
no
[EMAIL PROTECTED] wrote:
> On Thu, 24 Feb 2005 16:51:50 EST, [EMAIL PROTECTED] said:
>
>> There seem to be many who feel there is no overwhelming reason to
>> support 587. I can certainly see that point of view, but I guess my
>> question is what reasons do those of you with that viewpoint have
Nils Ketelsen wrote:
On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
What can be done to encourage universities and other mail providers
with large roaming user populations to support RFC2476/Port 587?
Give a good reason. That is still the missing part.
For the above popu
On Fri, Feb 25, 2005 at 02:30:01AM -0500, Jim Popovitch wrote:
>
> On Thu, 2005-02-24 at 23:36 -0500, [EMAIL PROTECTED] wrote:
> >
> > The rest of us run mail services in the real world, where lots of users buy
> > laptops, and then actually *use* the portability and thus
> > often
> > end up b
[reposting this to nanog, as my answer might be reasonably ontopic]
On Fri, Feb 25, 2005, Brad Knowles wrote:
> At 8:05 AM + 2005-02-25, Adrian Chadd wrote:
>
> >>Because your MUA doesn't support SSL on what it considers to be
> >> non-standard ports? Because your ISP won't let you set
On Fri, Feb 25, 2005, Jim Popovitch wrote:
>
> On Thu, 2005-02-24 at 23:36 -0500, [EMAIL PROTECTED] wrote:
> >
> > The rest of us run mail services in the real world, where lots of users buy
> > laptops, and then actually *use* the portability and thus
> > often
> > end up behind some other ISP
On Thu, 2005-02-24 at 23:36 -0500, [EMAIL PROTECTED] wrote:
>
> The rest of us run mail services in the real world, where lots of users buy
> laptops, and then actually *use* the portability and thus often
> end up behind some other ISP's port-25 block.
Why not a VPN solution. If you have mail
On Thu, 24 Feb 2005 17:14:17 EST, Jim Popovitch said:
>
> If supporting one port is y hours of time and headache, then two ports
> is closer to y*2 than y (some might argue y-squared). 587 has some
> validity for providers of roaming services, but who else? Why not
> implement 587 behavior (auth
> "Paul" == Paul Vixie <[EMAIL PROTECTED]> writes:
Paul> well, in sbc-dsl-land, port 25 and port 587 are blocked, but
Paul> port 26 gets through.
I have a port-587 relay on my network which is used by some
sbc-dsl-land users... they don't appear to be blocked
--
Andrew, Supernews
http://
On Thu, 24 Feb 2005 16:51:50 EST, [EMAIL PROTECTED] said:
> There seem to be many who feel there is no overwhelming reason to
> support 587. I can certainly see that point of view, but I guess my
> question is what reasons do those of you with that viewpoint have *not*
> to implement it? I just
On Thu, 24 Feb 2005 16:40:05 EST, Nils Ketelsen said:
> And if I am a roaming user at some other site, that blocks or hijacks port
> 587?
Can anybody point at any ISP that actually does hijack port 587? (Yes, it's
quite possible that if you're visiting and on a corporate net as a consultant
or si
On Thu, 2005-02-24 at 17:14 -0500, Jim Popovitch wrote:
> If supporting one port is y hours of time and headache, then two ports
> is closer to y*2 than y (some might argue y-squared). 587 has some
> validity for providers of roaming services, but who else? Why not
> implement 587 behavior (auth
> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
>
> > Although RFC2476 was published in December 1998, its amazing how few
> > mail providers support the Message Submission protocol for e-mail on
> > Port 587. Even odder, some mail providers use other ports such as 26
> > or 2525
On Thu, Feb 24, 2005 at 04:51:50PM -0500, [EMAIL PROTECTED] wrote:
> There seem to be many who feel there is no overwhelming reason to
> support 587. I can certainly see that point of view, but I guess my
> question is what reasons do those of you with that viewpoint have *not*
> to implement it
If supporting one port is y hours of time and headache, then two ports
is closer to y*2 than y (some might argue y-squared). 587 has some
validity for providers of roaming services, but who else? Why not
implement 587 behavior (auth from the outside coming in, and accept all
where destin == this
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
On Thu, 24 Feb 2005 16:08:42 EST, Nils Ketelsen said:
On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
What can be done to encourage universities and other mail providers
with large roaming user populations to support RF
[EMAIL PROTECTED] wrote:
> On Thu, 24 Feb 2005 16:08:42 EST, Nils Ketelsen said:
>
>> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
>
>>> What can be done to encourage universities and other mail providers
>>> with large roaming user populations to support RFC2476/Port 587?
>>
>
On Thu, 24 Feb 2005 16:08:42 EST, Nils Ketelsen said:
> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
> > What can be done to encourage universities and other mail providers
> > with large roaming user populations to support RFC2476/Port 587?
>
> Give a good reason. That is still
On Thu, Feb 24, 2005 at 04:20:33PM -0500, [EMAIL PROTECTED] wrote:
> On Thu, 24 Feb 2005 16:08:42 EST, Nils Ketelsen said:
> > On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
> > > What can be done to encourage universities and other mail providers
> > > with large roaming user popu
* Nils Ketelsen:
>> What can be done to encourage universities and other mail providers
>> with large roaming user populations to support RFC2476/Port 587?
>
> Give a good reason. That is still the missing part.
>From the MTA perspective, 25/TCP is the "you are responsible for the
message" port,
On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
> Although RFC2476 was published in December 1998, its amazing
> how few mail providers support the Message Submission protocol
> for e-mail on Port 587. Even odder, some mail providers
> use other ports such as 26 or 2525, but not th
On Sat, 19 Feb 2005, J.D. Falk wrote:
> > Has AOL notified anyone in advance? Quite a few provider-independent
> > mail providers were caught by surprise.
>
> Is there a mailing list that will reach all/most of these
> provider-independent mail providers?
>
> (If so, then that's
On 02/19/05, Florian Weimer <[EMAIL PROTECTED]> wrote:
> * Sean Donelan:
>
> > Yet another reason for supporting port 587 on your servers for remote
> > authenticated mail submission from your users. If you don't support
> > port 587, and use SPF, it may break when AOL or other providers re-di
* Sean Donelan:
> Yet another reason for supporting port 587 on your servers for remote
> authenticated mail submission from your users. If you don't support
> port 587, and use SPF, it may break when AOL or other providers re-direct
> port 25.
>
> http://www.heise.de/english/newsticker/news/564
On Thu, 17 Feb 2005, Owen DeLong wrote:
> Chances are that the Sendmail team doesn't share your worm problems as most
> of them are not likely running unpatched windows boxes.
You don't have to run Windowz systems to get hit by their blowback.
And that's the problem, in a nutshell
--
-- T
Chances are that the Sendmail team doesn't share your worm problems as most
of them are not likely running unpatched windows boxes.
Owen
pgpXFCaZUIc43.pgp
Description: PGP signature
On Wed, 16 Feb 2005 [EMAIL PROTECTED] wrote:
> > Um, you actually have to work somewhat to get sendmail to support
> > unauthenticated submission on port 587. The default configuration
> > is that port 25 is unauthenticated (albeit with some restrictions
> > on relaying (only for local clients))
Yet another reason for supporting port 587 on your servers for remote
authenticated mail submission from your users. If you don't support
port 587, and use SPF, it may break when AOL or other providers re-direct
port 25.
http://www.heise.de/english/newsticker/news/56437
> with many questions re
On Wed, 16 Feb 2005 01:46:09 PST, Owen DeLong said:
>
> --==04787AC3A7FDFBF67AA5==
> Content-Type: text/plain; charset=us-ascii; format=flowed
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
>
> Um, you actually have to work somewhat to get sendmail to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thor Lancelot Simon wrote:
| On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
|
|>Sendmail now includes Port 587, although some people disagree how
|>its done. But Exchange and other mail servers are still difficult
|>for system administra
1 - 100 of 120 matches
Mail list logo
