
Re: port number for smtp over ssl

2003-01-16 11:53:18

On Thu, 16 Jan 2003 12:12:11 EST, Keith Moore said:

465 is intended for message submissions.  because it is a new port,
it's reasonable to require authentication.  and because authentication is
required it's far less likely to be used as a means of relaying mail from
unauthorized parties.  also, having a separate port for message submission
provides an opportunity to provide additional processing that is appropriate at
message submission  (like rewriting message headers to add missing domains,
dates, etc., and/or rejecting messages which aren't perfectly formatted) but
not appropriate for mail relays.

I think Keith misspoke. I believe he intended to say 587, not 465.

And here I thought we already had 587 for that....

I've finally gotten enough caffeine, and it certainly seems like what this is
really advocating is "465 for those vendors too stupid to implement STARTTLS
on 587"?

Or SASL on 587. Or STARTTLS + SASL. Remember, authentication != TLS. And since
that is the case, one cannot assume a connection on 465 is authenticated. Heck,
it may not even be encrypted or integrity checked. As such, if 465 were to be
widely adopted it could easily end up being used for unauthenticated relay,
which would put it in the same boat as port 25.
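
The point that authentication and TLS are independent, as an added example that is not part of the original message: an auditor over SMTP session transcripts that tracks the two states separately and flags MAIL accepted without a successful AUTH. The transcript format ("C: "/"S: " lines), the `audit_session` name, the `tls_at_connect` flag and the three sessions are constructed for illustration.

```python
def audit_session(lines, tls_at_connect=False):
    """Return (tls, authenticated, findings) for one SMTP transcript."""
    tls, authed, findings = tls_at_connect, False, []
    pending = None                      # client verb awaiting its final reply
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            if pending == "AUTH":       # SASL continuation data, not a command
                continue
            parts = text.split()
            pending = parts[0].upper() if parts else None
        elif side == "S":
            code = text[:3]
            if text[3:4] == "-" or code == "334":  # multiline reply / SASL challenge
                continue
            if pending == "STARTTLS" and code == "220":
                tls, authed = True, False          # session state resets after TLS
            elif pending == "AUTH" and code == "235":
                authed = True
            elif pending == "MAIL" and code == "250" and not authed:
                findings.append("MAIL accepted without AUTH (tls=%s)" % tls)
            pending = None
    return tls, authed, findings

# Constructed: TLS from the first byte (SSL-wrapped port), but no AUTH at all.
TLS_NO_AUTH = ["S: 220 mx.example.org ESMTP", "C: EHLO client.example.org",
               "S: 250 mx.example.org", "C: MAIL FROM:<a@example.org>",
               "S: 250 ok", "C: RCPT TO:<b@example.net>", "S: 250 ok"]

# Constructed: STARTTLS followed by SASL PLAIN before MAIL.
STARTTLS_AUTH = ["S: 220 mx.example.org ESMTP", "C: EHLO client.example.org",
                 "S: 250-mx.example.org", "S: 250 STARTTLS", "C: STARTTLS",
                 "S: 220 ready", "C: EHLO client.example.org",
                 "S: 250-mx.example.org", "S: 250 AUTH PLAIN",
                 "C: AUTH PLAIN <constructed-credentials>", "S: 235 ok",
                 "C: MAIL FROM:<a@example.org>", "S: 250 ok"]

# Constructed: SASL LOGIN with no TLS; authenticated but not encrypted.
CLEAR_AUTH = ["S: 220 mx.example.org ESMTP", "C: EHLO client.example.org",
              "S: 250 AUTH LOGIN", "C: AUTH LOGIN", "S: 334 VXNlcm5hbWU6",
              "C: <constructed-user>", "S: 334 UGFzc3dvcmQ6",
              "C: <constructed-pass>", "S: 235 ok",
              "C: MAIL FROM:<a@example.org>", "S: 250 ok"]

if __name__ == "__main__":
    print("tls, no auth: ", audit_session(TLS_NO_AUTH, tls_at_connect=True))
    print("starttls+auth:", audit_session(STARTTLS_AUTH))
    print("clear auth:   ", audit_session(CLEAR_AUTH))
```

Only the first session is flagged: it is encrypted end to end yet relays mail for an unauthenticated client.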

