Remote email access

Eliot Lear lear at cisco.com
Fri Jan 31 03:25:05 UTC 2003


It's a rare day when I differ with Dave over mail standards, so 
something's weird.

Dave Crocker wrote:
> Some current choices:
> 
> Email standards provide for posting of email to the usual port 25 or to
> port 773 for the newer "submit" service. (Submit is a clone of SMTP that
> operates on a different port and is permitted to evolve independently of
> SMTP, in order to tailor posting by originators, differently from
> server-to-server email relaying.) There is also a de facto standard for
> doing SMTP over SSL on port 465, although this collides with the IANA
> assignment of that port to another service.

The submission port, according to IANA, is 587.  I'm not a fan.  I also 
think experience has shown that it is POSSIBLE to protect port 25 
appropriately.  It's just a matter of doing it...

See http://www.iana.org/assignments/port-numbers

> 
> Standardized SMTP authentication uses the SMTP Auth command or the SASL
> service within SMTP. It can also use the de facto "POP hack". All 3 of
> these mechanisms are inline -- as part of the posting protocol -- so
> that they work over whatever port is being used for posting.
> 
> Standardized privacy for SMTP uses SMTP over SSL or it uses SMTP with
> SASL.  SASL can be used on any SMTP or Submit port.  SSL can only be
> used on port 25 if the SMTP service is not available to other SMTP
> servers for relaying (or, really, for last-hop SMTP delivery).

Although Dave is correct about SSL, RFC 3207 discusses the use of TLS 
for purposes of encryption AND authentication.  I use this for my own 
sendmail.  The biggest problem is ensuring that appropriate certificates 
are installed.  Most of the common MUAs I tested have a way to do it, 
but it's messy (to say the least).

Eliot
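
An added illustration, not part of either poster's message: a check of what a submission service advertises in its EHLO reply before and after the RFC 3207 STARTTLS upgrade discussed above. The host name, the sample replies and the function names are constructed for this example.

```python
# Added example; the EHLO replies below are constructed, not captured.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}  # password is readable by anyone on the path


def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for i, line in enumerate(reply.strip().splitlines()):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        text = line[4:].upper()
        if text.startswith("AUTH="):  # legacy spelling some servers also emit
            text = "AUTH " + text[5:]
        words = text.split()
        if i == 0 or not words:
            continue  # first line is the greeting, not an extension keyword
        caps.setdefault(words[0], []).extend(words[1:])
    return caps


def audit_submission(pre_tls, post_tls):
    """Return findings for the EHLO replies seen before and after STARTTLS."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered before authentication")
    exposed = sorted(PASSWORD_MECHS & set(before.get("AUTH", [])))
    if exposed:
        findings.append("AUTH " + "/".join(exposed) + " offered before TLS")
    if "STARTTLS" in after:
        # RFC 3207: the extension must not be returned once TLS is active
        findings.append("STARTTLS still advertised inside the TLS session")
    if "AUTH" not in after:
        findings.append("no AUTH after TLS: clients cannot authenticate")
    return findings


# Constructed sample replies (mail.example.net is a placeholder host).
HARDENED_PRE = "250-mail.example.net\n250-PIPELINING\n250 STARTTLS"
HARDENED_POST = "250-mail.example.net\n250-PIPELINING\n250 AUTH PLAIN LOGIN"
WEAK_PRE = "250-mail.example.net\n250-AUTH=LOGIN PLAIN\n250 8BITMIME"

if __name__ == "__main__":
    for name, pre in (("hardened", HARDENED_PRE), ("weak", WEAK_PRE)):
        print(name, audit_submission(pre, HARDENED_POST) or "ok")
```

This only inspects advertised capabilities; whether the client validates the server certificate during the TLS handshake is a separate check.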




