ietf-smtp

Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-08 06:26:45
If rsftp is going to cause an issue, then yes, we can go for another port.

Would 24 be better?


In my opinion the port number should be greater than port 25 to denote it's
the "superior" version of port 25.  Maybe I'm being silly here :-)

On Tue, Jan 8, 2019 at 5:38 PM Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote:

I like Viruthagiri's proposal.

On Mon 07/Jan/2019 13:33:39 +0100 John C Klensin wrote:
...
A simple TXT record saying "This domain's MTAs support
STARTTLS (and, possibly, optionally, this is the certificate
fingerprint)" would seem useful and not need anything else,
and would protect against STARTTLS downgrade for any sender
willing to support it.

Obviously it would be vulnerable to DNS pollution, but so
would the original proposal.

Please see at least one of Bert Hubert's "DNS Camel" pieces
and/or RFC 8324, and think about not only pollution/cache
poisoning but about the observation that DNS zone managers and
email administrators are often in separate departments with less
effective communication than one might like, before going down
that path.

Well, yes, tweaking host names in MX record would have been a nice hack.
As it seems such a hack won't work well, however, it's better to save the
camel a useless burden altogether.  Perhaps, the probability of finding an
smtps service on port 26 can be advertised by some other means.

As for port 26, nmap reports[*] a seldom used, unofficial "rsftp" there:

# Fields : Service name, portnum/protocol, open-frequency, optional comments
#
# [...]

telnet  23/tcp  0.221265
telnet  23/udp  0.006211
priv-mail       24/tcp  0.001154        # any private mail system
priv-mail       24/udp  0.000329        # any private mail system
smtp    25/tcp  0.131314        # Simple Mail Transfer
smtp    25/udp  0.001285        # Simple Mail Transfer
rsftp   26/tcp  0.007991        # RSFTP

Would 24 be better?

Rsftp seems to be a buggy ftp-like program.[†]  Google didn't help me to
find much more.  There are some projects on github called rsftp[‡], but
none of them is that one.

Best
Ale

--
[*] https://svn.nmap.org/nmap/nmap-services
[†] http://codegrazer.com/blog/rsftp-to-command-injection.html
[‡] https://github.com/tuzhao/rsftp
    https://github.com/cyroxx/rsftp
    https://github.com/Sage-Bionetworks/Rsftp
    https://github.com/rsWinAutomationSupport/rsFTPAdministration (related)









_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp



-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
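
Added example, not part of the original message or of any proposal in the thread: a sketch of the sender-side check implied by the TXT-record suggestion quoted above, where a domain's out-of-band statement that its MTAs support STARTTLS lets a sender refuse plaintext when the EHLO reply does not offer it. The function names, the boolean standing in for the published statement, and the sample EHLO replies are assumptions constructed for illustration.

```python
# Sender-side guard against STARTTLS stripping (illustrative sketch).
# How the domain publishes "our MTAs support STARTTLS" is left open here,
# as in the thread; it is modelled as a plain boolean (assumption).

def ehlo_extensions(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    keywords = set()
    for index, line in enumerate(reply.strip().splitlines()):
        # Every line must be "250-..." (continuation) or "250 ..." (last line).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        rest = line[4:].strip()
        if rest:
            keywords.add(rest.split()[0].upper())
    return keywords


def delivery_decision(ehlo_reply, domain_advertises_starttls):
    """Decide how to proceed: 'starttls', 'plaintext' or 'abort'."""
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "starttls"
    if domain_advertises_starttls:
        # The domain says TLS is available but this session does not offer it:
        # treat as a possible downgrade and do not fall back to plaintext.
        return "abort"
    return "plaintext"


# Constructed sample replies (not captured traffic).
INTACT = ("250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
          "250-STARTTLS\r\n250 8BITMIME\r\n")
STRIPPED = ("250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
            "250 8BITMIME\r\n")

if __name__ == "__main__":
    for name, reply in (("intact", INTACT), ("stripped", STRIPPED)):
        for advertised in (True, False):
            print(name, advertised, delivery_decision(reply, advertised))
```

As the quoted exchange notes, the advertisement itself is only as trustworthy as the DNS answer that carries it.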