ingress SMTP

Joel Jaeggli joelja at
Wed Sep 10 19:20:58 CDT 2008

Jay R. Ashworth wrote:
> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote:
>> On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote:
>>> You're forgetting that 587 *is authenticated, always*.
>> I'm not sure how that makes much of a difference since the usual spam  
>> vector is malware that has  (almost) complete control of the machine  
>> in the first place.
> Well, that depends on MUA design, of course, but it's just been pointed
> out to me that the RFC says MAY, not MUST. 
> Oops.
> Does anyone bother to run an MSA on 587 and *not* require authentication?

All my normal relay or lack thereof and delivery rules are in place on
my 587 port. Of course muas's and mtas will also do tls as well as
authentication over port 25 where available. I don't sea any reason to
preclude a host that would be allowed to relay via 25 to do so via 587...

Congruent policy makes administration simpler.

> Cheers,
> -- jra

More information about the NANOG mailing list