[Top] [All Lists]

Re: port number for smtp over ssl

2003-01-16 09:55:03
On Thu, 16 Jan 2003 07:39:49 PST, Dave Crocker said:
Hmmm. I focused so much on the existence of the practise that I probably
did not pursue a second point adequately:

   The views expressed on this list are directly in conflict with the
   views expressed among the ops community about blocking outbound port
   25 through firewalls.

This kills travellers. (And, no, simply using the "local" SMTP server is
not viable, primarily for reasons of trust, but also some concern for
reliability, given how differential ISP mail service is.)

While I sympathize with Dave's concerns here, and agree that trying to do
SMTP while roaming is a problem, there's something I'm failing to understand

If an ISP will firewall port 25 due to spamming concerns, what is stopping
them from firewalling port 465 as well, besides lack of clue and/or lack of
actual use of the port?

We codify 465, spammers start using it, ISPs block it, game over.

Now, I suppose that we *COULD* say "but you should be using AUTH or similar",
so that it's not usable for open relaying/injection. But then the correct
answer is "Use STARTTLS and/or AUTH on 25 and 587".

Are there any scenarios that are *NOT* addressed with the proper combination
of STARTTLS and AUTH using port 25 for relay and 587 for initial submission?
And does the current use of port 465 solve the scenario in any fashion *OTHER*
than "it happens to work with some software currently"?

The mere fact that some sites deployed something else before the STARTTLS
got to RFC status doesn't mean it's a Good Idea - if it were, we'd have written
THAT up instead....

At a minimum, there needs to be some dialogue between the ops community
and the email community to resolve this.

This seems much more reasonable.  Encouraging the proper use of port 587 would
be more productive....
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: pgpSs3a3PG6Bd.pgp
Description: PGP signature