Marc Sherman wrote:
> W B Hacker wrote:
>
>>Ancient history now. Like it or not, we should move on and use 587.
>
>
> That's all well and good, Bill, and if you simply advised people not to
> open port 465 at all, I wouldn't reply. It's your repeated advice to
> people to open 465 for unencrypted/STARTTLS usage, against all
> established historical practice, to which I object.
>
> - Marc
>
You have a reading disability then.

I have neither recommended that, illustrated that, nor done it on production
servers OR MUA settings. We have never used 465 for anything BUT SSL/tls_on-connect.

I *have* "illustrated", but NOT RECOMMENDED use of port 587 with tls_on_connect.
That is not common per established practice, but is tacitly supported and *not
prohibited* under the applicable IANA/IETF guidelines for the port.

See RFC 4409:

   3.1. Submission Identification

   Port 587 is reserved for email message submission as specified in
   this document. Messages received on this port are defined to be
   submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], *with
   additional restrictions or allowances as specified here*.
   .
   .
   .
   3.3. Authorized Submission

   "Numerous methods have been used to ensure that only authorized users
   are able to submit messages. These methods include authenticated
   SMTP, IP address restrictions, *secure IP and other tunnels*,..."

That said, I still do not RECOMMEND *anything* - save familiarizing oneself with
the current IANA or IETF position.

The rest is up to the mailadmin, as IANA/IETF wisely recognize that user-MUA
client to server-MSA host submission is a *local* issue.

RTFRFC

Bill