Remote email access

Dave Crocker dcrocker at brandenburg.com
Fri Jan 31 05:24:01 UTC 2003


Eliot,

Thursday, January 30, 2003, 7:25:05 PM, you wrote:
EL> The submission port, according to IANA is 587.

Sorry about that detail.  I searched the IANA port assignment file for
'submit' rather than 'submission'.

Luckily, the error does not affect the core concern I am raising.


EL> I'm not a fan.  I also
EL> think experience has shown that it is POSSIBLE to protect port 25 
EL> appropriately.  It's just a matter of doing it...

EL> See http://www.iana.org/assignments/port-numbers

Recently I had protracted discussions with a number of Ops folks about
this issue and have chosen to drop that debate. I do not agree with
blocking port 25, either, but am far more concerned about having a
coherent, workable means of remote access than I am about it being the
particular one I prefer.

As long as it is technically adequate and supported broadly (ie,
predictably) by service providers and software providers, the details
frankly do not matter to me.


>> Standardized privacy for SMTP uses SMTP over SSL or it uses SMTP with
>> SASL.  SASL can be used on any SMTP or Submit port.  SSL can only be
>> used on port 25 if the SMTP service is not available to other SMTP
>> servers for relaying (or, really, for last-hop SMTP delivery).

EL> Although Dave is correct about SSL, RFC 3207 discusses the use of TLS
EL> for purposes of encryption AND authentication.  I use this for my own
EL> sendmail.  The biggest problem is ensuring that appropriate certificates
EL> are installed.  Most of the common MUAs I tested have a way to do it,
EL> but it's messy (to say the least).

Thanks for the clarification.  Unfortunately it mostly means there are
even more choices to make and, therefore, less predictability and,
therefore, less interoperability at Internet scale.

d/
-- 
 Dave <mailto:dcrocker at brandenburg.com>
 Brandenburg InternetWorking <http://www.brandenburg.com>
 t +1.408.246.8253; f +1.408.850.1850




More information about the NANOG mailing list