On Sun, Apr 25, 2004 at 10:08:00PM -0500, Edgar Lovecraft wrote:
> Matthew Byng-Maddick wrote:
> > On Sun, Apr 25, 2004 at 04:11:08PM -0500, Edgar Lovecraft wrote:
> ..[snip]...
> > > Duh... That is what the standard is for ;)
> > > Anyone who implements a very poor MSA setup deserves what they get.
> > You're missing my point. The reason we have closed tcp/25 in various
> > places is to try and stop arbitrary delivery from within networks. If
> > people are implementing 587 allowing non-authenticated local delivery,
> An open relay, is an open relay, is an open relay, is an ....
...is absolutely nothing to do with what I'm talking about.
> > then eventually, these networks will be forced to block tcp/587 too.
> Nope, i disagree, there would be no more blocking of this than there would
> be for blocking outbound TCP 137/138 (Netbios ports) on ISP netblocks.
They will be forced to, to stop the same direct-to-mx spam that we see on
port 25. This is, after all, why they're doing it (so they have records
and can force customers to use their relays on which proper analysis can
be done).
> > So it doesn't just affect them (to deserve what they get), it affects
> > all of us.
> No it does not, as those servers would be easily identifiable if you are
> suggesting that they would be sending to much UCE/UBE, in which case,
> they deserve what they get, and it does not at all effect the rest of the
This is complete and utter rubbish. You may or may not have noticed, but
major proportion of spam and virus spew appears to be from random dialup
windows hosts on the end of DSL or modem lines. Networks which allow this
kind of access are filtering tcp/25 at their borders to try and force this
crap to go through their mail relays where they can stop it. If mail system
administrators allow general delivery on tcp/587, then the networks will
be forced to do the same for 587, which would make life hard for all of us
who are trying to use it properly.
> Inet. Also, "SMTP Submission" is not about using TCP 587, or 25, or 8190,
> or any other port, "SMTP Submission" is the WAY that a message is inserted
> into the MTA data stream (data stream being a generic transport statement).
> An open-relay on ANY port is just that, an open-relay, not an MSA server.
Yes, and an open relay is nothing to do with what I'm talking about, you're
not reading what I'm actually saying. The point is that NO non-authenticated
mail must get through from port 587, it shouldn't matter whether it's for a
local destination(not open relay) or remote(open relay), if it's not
authenticated, it doesn't get through.
> <FROM_RFC_2476>
[...]
> submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with
> additional restrictions as specified here.
[...]
> </FROM_RFC_2476>
That's the really important bit, but given implementations of 25/tcp
listeners and senders, somehow I don't hold out much hope...
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)
