spf-discuss

Re: spf

2005-04-14 13:43:31


Andrew Gutkowski wrote:
You are interpreting this ALL wrong.  The college has no requirements
about what smtp servers our users send through.
If that were true you do not have a problem. It probably is true, even if there is no college policy (which I thought you said earlier, but perhaps I misunderstood). By publishing SPF or the likes they are stating a policy at least on a technical level.

Our user's ISP has this
requirement.
No, the ISP only has the requirement that outbound port 25 connections be through their mail server. That is not the same as saying all outbound email has to go through their mail server.

The ISP requires that all outgoing smtp traffic on their
network be routed through their smtp server, even if it is not their
email users.
Unless they are also blocking port 587, that is still not true.  See above.

The ISP is blocking port 25, not the college.  Our email
users who are connected to the ISPs network are required to send their
college email through the ISPs smtp server.
And so they should if they want to connect to a mail server on port 25.


Should I say that one more time??
No, there is a misunderstanding, but I do understand.

Terry




terry(_at_)ashtonwoodshomes(_dot_)com 4/14/2005 4:13:22 PM >>>



Andrew Gutkowski wrote:

Herein lies the problem.  We have users outside of the college who are
using an ISP which blocks port 25.  Our mail server does not support
port 587, at least that I am aware of.  This means we cannot use smtp
auth or use sasl over port 587.

Interesting, so the University requires users to send their email via the university servers no matter what, but does not give them the means to do so when they are remote.

There is a problem here, and although SPF exposes the problem, SPF is *not* the actual problem. Note that even CSV, PRA, etc. will all cause you mail failures on your University's current policy of "You must use our servers but we are not going to give you the means to use our server from remote".

Rock, hard place: meet Andrew.  :)

Terry




stuart(_at_)bmsi(_dot_)com 4/14/2005 3:59:17 PM >>>

On Thu, 14 Apr 2005, Andrew Gutkowski wrote:



would not send it back to our smtp agent.  In fact, wouldn't this make
things worse.  The ISPs smtp agent would reject the mail because the user
does not exist on that mail server.  Please correct me if I am
understanding smtp_auth incorrectly.


The point of SMTP AUTH is that the users would connect to the college
servers *instead* of the ISP servers.  The AUTH part ensures that only
authorized users can do so (so the college servers do not become
open relays).  The point of using port 587 is that many ISPs block
outgoing port 25 beyond the ISP to cut down on outgoing spam.



The same would apply to pop before smtp.  The college's users are
connecting to the college's smtp agent to pop mail and then connecting
to the ISPs smtp server to send mail.


Again, the users would connect to the college server to send mail,
and the POP authorization is a kludgey way to authorize that and
prevent an open relay when SMTP AUTH can't be used for some reason.

The end result is that if your users want to send mail with a MAIL FROM
domain of 'college.edu', they MUST use the smtp servers you designate.
If they are outside the campus, they must use those servers via SMTP AUTH
(on port 587 in case the ISP blocks 25).




--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085

