On Mon, Apr 26, 2004 at 05:38:03AM -0500, Edgar Lovecraft wrote:
> Matthew Byng-Maddick wrote:
> I said to use "SMTP Submission" that means to follow RFC 2476 which by
> definition is restricted access as to who can submit messages to the
> MSA. Just because a server has tcp 587 open and accepting SMTP messages
> does not mean that the server is an MSA and following the RFC, it just
> means that a server is accepting SMTP transactions on that port. Two
> completely different things.
I know that, but if you're implementing access lists at your border routers,
then as far as you're concerned, they're equivalent. This is the situation
in which everyone loses, and the one that I'm complaining about.
> > > Inet. Also, "SMTP Submission" is not about using TCP 587, or 25, or
> > > 8190, or any other port, "SMTP Submission" is the WAY that a message
> > > is inserted into the MTA data stream (data stream being a generic
> > > transport statement). An open-relay on ANY port is just that, an
> > > open-relay, not an MSA server.
> > Yes, and an open relay is nothing to do with what I'm talking about,
> Yes it is.
Nothing I've said has suggested that I think people are likely to set up
open relays on that port. However, I do suggest that they are likely to
accept non-relay, non-authenticated mail on that port, which is what I
perceive as the problem.
> > you're not reading what I'm actually saying. The point is that NO
> You have not been reading what I said.
I have, very carefully. You've brought in spurious open relays which are
nothing to do with it.
My suggestion is that everyone loses if people just start using 587/tcp
as just another SMTP interface, without a difference in policy. The
reason that everyone loses (rather than just the idiot who does it) is
that network operators of public-access networks are going to be pressured
into blocking outbound 587/tcp traffic in the same way as they are being
for 25/tcp traffic, because the spam and virus software will learn to try
that instead. If they start doing it, it makes providing global authenticated
relaying services much much harder.
> > non-authenticated mail must get through from port 587, it shouldn't
> > matter whether it's for a local destination(not open relay) or
> > remote(open relay), if it's not authenticated, it doesn't get through.
> That is what I said.
But you brought in open relays which is orthogonal to everything I've been
saying.
> > > <FROM_RFC_2476>
> > [...]
> > > submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with
> > > additional restrictions as specified here.
> > [...]
> > > </FROM_RFC_2476>
> > That's the really important bit,
> That was whole bit.
So why did I have to snip 8 lines of extraneous rubbish (where the [...]s
are)?
> > but given implementations of 25/tcp listeners and senders, somehow I
> > don't hold out much hope...
> Here again, that is something completely different.
My point is that people don't read the standard.
> Point is, setting a server to accept SMTP transactions on a non-standard
> port whether that port be 587 or 9090, does not mean that you have
> installed and MSA, it means that you installed an MTA on a port other than
> port 25, that is something entirley different than installing an MSA as
> defined in RFC 2476, also note that an MSA can use either 587 or 25 by the
> RFC definition.
Agreed, but we all lose if people start accepting the non-restricted SMTP
on 587/tcp, because networks will be forced to block/proxy/etc at their
borders, as they are becoming pressured to do with 25/tcp. So, my original
email to which you replied was a call for people to make sure that they are
doing so....
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)
