spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: spf

2005-04-14 13:13:22
from [Terry Fielder] [Permanent Link] 


Andrew Gutkowski wrote:

Herein lies the problem.  We have users outside of the college who are
using an ISP which blocks port 25.  Our mail server does not support
port 587, at least that I am aware of.  This means we cannot use smtp
auth or use sasl over port 587.
Interesting, so the University requires users to send their email via the university servers no matter what, but does not give them the means to do so when they are remote.
There is a problem here, and although SPF exposes the problem, SPF is *not* the actual problem. Note that even CSV,PRA, etc will all cause you mail failures on your Universities current policy of "You must use our servers but we are not going to give you the means to use our server from remote". 

Rock, hard place: meet Andrew.  :)

Terry






stuart(_at_)bmsi(_dot_)com 4/14/2005 3:59:17 PM >>>


On Thu, 14 Apr 2005, Andrew Gutkowski wrote:



would not send it back to our smtp agent.  In fact, wouldn't this


make


thigs worse.  The ISPs smtp agent would reject the mail because the


user


does not exist on that mail server.  Please correct me if I am
understanding smtp_auth incorrectly. 


The point of SMTP AUTH is that the users would connect to the college
servers *instead* of the ISP servers.  The AUTH part ensures that only
authorized users can do so (so the college servers do not become
open relays).  The point of using port 587 is that many ISPs block
outgoing
port 25 beyond the ISP to cut down on outgoing spam.



The same would apply to pop before smtp.  The college's users are
connecting to the college's smtp agent to pop mail and then


connecting


to the ISPs smtp server to send mail.



Again, the users would connect to the college server to send mail,
and the POP authorization is kludgey way to authorize that and
prevent an open relay when SMTP AUTH can't be used for some reason.

The end result is that if your users want to send mail with a MAIL
FROM
domain of 'college.edu', they MUST use the smtp servers you designate. If they 
are outside the campus, they must use those servers via SMTP AUTH (on
port
587 in case the ISP blocks 25).



--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: spf, Roger B.A. Klorese
Next by Date:  Re: spf, dejanspf
Previous by Thread:  Re: spf, dejanspf
Next by Thread:  Re: spf, Terry Fielder
Indexes:  [Date] [Thread] [Top] [All Lists]