spf-discuss

Re: spf

2005-04-14 13:07:49
But our smtp server is not listening on port 587.  Would we have to set
up a second smtp server and have it listening on port 587 just for these
users?

terry(_at_)ashtonwoodshomes(_dot_)com 4/14/2005 4:05:32 PM >>>
With SMTP AUTH the user does NOT use the ISP's mail server, he connects directly to the College's mail server (usually on port 587, because many ISPs block port 25 to prevent zombies).

This works because although many ISPs block port 25, they don't block 587.

Read on for direct answers to your questions.

Terry

Andrew Gutkowski wrote:
That still doesn't help since our (the college's) users are not connecting to our smtp agent.

Yes they would be, that is the very intention of SMTP AUTH, connect to a remote mail server whose LAN (or relay accepted IPs) you are currently not using.

They are connecting to the ISP's smtp agent to send mail with their college accounts.  Using smtp auth still would not send it back to our smtp agent.

SMTP AUTH says remote user can relay through this mail server because they authenticated themselves as an authorized user of this mail server despite they are not on the LAN.


In fact, wouldn't this make things worse?  The ISP's smtp agent would reject the mail because the user does not exist on that mail server.  Please correct me if I am understanding smtp_auth incorrectly.

SMTP AUTH bypasses the ISP mail server altogether.  Hopefully that clears it up: The client on the ISP network does not connect to the ISP mail server, but connects directly to the remote College's server.



The same would apply to pop before smtp.  The college's users are connecting to the college's smtp agent to pop mail and then connecting to the ISP's smtp server to send mail.

Nope, they connect to the college's server to pop and smtp.

Terry





terry(_at_)ashtonwoodshomes(_dot_)com 4/14/2005 1:05:28 PM >>>

All kinds of servers that don't (or cannot) implement SMTP AUTH aka SASL on port 587 can use "pop before SMTP" whereby the SMTP daemon basically looks at the logs for the pop daemon, and if said connecting IP successfully authenticated with POP just recently then it is safe to say that IP is authorized to use (and hence relay through) the mail server.

This (generally) requires your inbound and outbound mail servers to be the same server.

Terry

william(at)elan.net wrote:

On Thu, 14 Apr 2005, Andrew Gutkowski wrote:


Does anyone know if GroupWise supports SASL over port 587?


I don't think so, but don't take my word on it as I've not worked with Novell for a while. Note though that 587 is just like normal SMTP, but with required authentication, but you could drop that "required" part and just set up a separate instance of mail server on a different port (possibly it'd have to be a separate machine sharing network user configuration).

I have never heard of this before.  If they don't, we will have to remove our SPF records because we cannot have users' email blocked by other email servers.


I'm curious what Groupwise & SASL (or rather port 587 SUBMIT) has to do with SPF in your setup? Or do you mean that you're willing to let all your users come in and mail through your system?




-- 
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com 
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/ 
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf 
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
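
The "pop before SMTP" check described in the thread above (the SMTP daemon consults the POP daemon's log for a recent successful login from the connecting IP), as an added example that is not part of the original messages. The log format, the 15-minute window, the local domain and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical POP daemon log format.
SAMPLE_POP_LOG = """\
2005-04-14 12:50:02 pop3d: LOGIN ok user=alice ip=198.51.100.7
2005-04-14 12:58:40 pop3d: LOGIN failed user=bob ip=203.0.113.9
2005-04-14 13:01:15 pop3d: LOGIN ok user=carol ip=192.0.2.44
"""

LOGIN_OK = re.compile(r"^(\S+ \S+) pop3d: LOGIN ok user=\S+ ip=(\S+)$")
WINDOW = timedelta(minutes=15)          # assumed grace period after a POP login
LOCAL_DOMAINS = {"college.example"}     # assumed domain this server hosts


def recent_pop_logins(log_text):
    """Map each client IP to the time of its latest successful POP login."""
    latest = {}
    for line in log_text.splitlines():
        m = LOGIN_OK.match(line.strip())
        if not m:
            continue  # failed logins and unrelated lines grant nothing
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip not in latest or when > latest[ip]:
            latest[ip] = when
    return latest


def relay_decision(client_ip, rcpt_domain, now, logins):
    """Decide what the SMTP side does with one RCPT TO from client_ip."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "accept-local"  # mail to our own users is not relaying
    last = logins.get(client_ip)
    # The grant is per IP, not per user: every host behind the same NAT
    # address inherits it until the window expires, so keep WINDOW short.
    if last is not None and timedelta(0) <= now - last <= WINDOW:
        return "relay-ok"
    return "reject-relay"


if __name__ == "__main__":
    logins = recent_pop_logins(SAMPLE_POP_LOG)
    now = datetime(2005, 4, 14, 13, 7, 49)
    for ip in ("192.0.2.44", "198.51.100.7", "203.0.113.9"):
        print(ip, relay_decision(ip, "isp.example", now, logins))
```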

