Why do so few mail providers support Port 587?

Joe Maimon jmaimon at ttec.com
Fri Feb 25 16:36:15 UTC 2005




andrew2 at one.net wrote:

>owner-nanog at merit.edu wrote:
>
>>On Thu, Feb 24, 2005 at 04:02:20PM -0700, Smoot Carl-Mitchell wrote:
>>
>>>On Thu, 2005-02-24 at 17:14 -0500, Jim Popovitch wrote:
>>>
>>>>If supporting one port is y hours of time and headache, then two
>>>>ports is closer to y*2 than y (some might argue y-squared).  587 has
>>>>some validity for providers of roaming services, but who else?  Why
>>>>not implement 587 behavior (auth from the outside coming in, and
>>>>accept all where destin == this system) on 25 and leave
>>>>the rest alone?
>>>
>>>I did run into a case where supporting port 587 was useful. I found
>>>out the hard way that one Internet service provider for hotels
>>>blocked outbound port 25, but not 587. So sending outbound mail to
>>>my mail relay would have been impossible without support for port
>>>587.
>>
>>It's so funny. On this list many argued Port 25 outgoing must
>>be blocked only to notice, that users actually seem to need
>>it to send mail. Now we must configure our mailservers to
>>listen on 587 to circumvent these filters, that were stupid
>>in the first place.
>>
>>Now to my prophecy mode: Spammers will start using 587 to
>>spam, which we then also all block outgoing, notice again
>>that customers still want to send mail and open another port
>>... 652 maybe. But this in a "while (true)" loop until we run
>>out of ports.
>
>That's being a bit disingenuous.  The discussion here hasn't been to
>open up port 587 to relay for all comers, but rather to open it up for
>authenticated use only.  If spammers start using it, then it's a result
>of either poor authentication security or an understaffed abuse
>department.  I'll agree with you on one thing, though -- the whole
>business of port 587 is a bit silly overall...why can't the same
>authentication schemes being bandied about for 587 be applied to 25,
>thus negating the need for another port just for mail injection?
>
>Andrew

In this while loop the break is that when authenticated customers abuse 
the authenticated service they will be terminated, not the service.

I do not see a repeat step here.

Oh you mean un-authenticated direct-to-mx spammable 587? Yes please, 
keep that turned off.

We need 587 because trusted authentication in SMTP does not transit with 
the message. So there is no way to require authenticated email only from 
all systems that would be worth a damn. Therefore, the goal is to corral 
the message submitting users onto authentication-required gateways into 
the SMTP network and reserve the ability to only allow port 25 to known 
servers.
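
To make the split discussed in this thread concrete, the following is an added example (not part of the original post or any poster's code): a small model of the reply codes a server gives on port 587, where MAIL FROM is refused until AUTH succeeds, versus port 25, which accepts only mail for its own domains. The domain, account, and function names are hypothetical, and the session is assumed to be already protected by TLS.

```python
import base64
import hmac

# Constructed sample data (hypothetical, not from the thread).
LOCAL_DOMAINS = {"example.net"}      # domains this system is the final destination for
USERS = {"alice": "s3cret"}          # submission accounts

def check_auth_plain(b64):
    """Validate an AUTH PLAIN response: base64 of authzid NUL user NUL password."""
    try:
        _, user, password = base64.b64decode(b64, validate=True).decode().split("\0")
    except ValueError:               # bad base64, bad UTF-8, or wrong field count
        return False
    return user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode())

def session(port, commands):
    """Feed SMTP command lines to the policy for `port`; return the reply codes."""
    authed = sender_ok = False
    replies = []
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            code = 250
        elif verb == "AUTH" and port != 587:
            code = 502               # AUTH is not offered on the server-to-server port
        elif verb == "AUTH":
            mech, _, resp = arg.partition(" ")
            if mech.upper() != "PLAIN":
                code = 504           # only PLAIN is modelled here
            else:
                authed = check_auth_plain(resp)
                code = 235 if authed else 535
        elif verb == "MAIL":
            # Submission port: no envelope is accepted before authentication.
            sender_ok = port != 587 or authed
            code = 250 if sender_ok else 530
        elif verb == "RCPT":
            domain = arg.rstrip(">").rpartition("@")[2].lower()
            if not sender_ok:
                code = 503           # no accepted MAIL FROM yet
            elif port == 587 or domain in LOCAL_DOMAINS:
                code = 250           # authenticated relay, or delivery to a local domain
            else:
                code = 550           # port 25 does not relay for unauthenticated peers
        else:
            code = 500
        replies.append(code)
    return replies
```

In this model an abusive sender on 587 is always tied to an account that can be closed, while port 25 stays usable for server-to-server delivery without ever acting as a relay.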



