Mail Submission Protocol

Franck Martin franck at genius.com
Wed Apr 21 23:07:44 UTC 2010


Consider also smtps port which should be treated like smtp port and not like submission port, or simply do not listen on smtps as TLS is available on smtp port via esmtp.

A lot of providers are now blocking smtp traffic from dynamic/residential IPs, and all clients support entering the submission port instead of the smtp port. The advantage of this config is that when you have a roaming user, they don't need to configure their email client depending on the network they are connecting to.

If you want to see the extent of the problem on your network, just go to http://www.uceprotect.net/en/rblcheck.php and enter your AS/network and see how many of your clients are spamming, mainly due to botnets.

----- Original Message -----
From: "Dave CROCKER" <dhc2 at dcrocker.net>
To: nanog at nanog.org
Sent: Thursday, 22 April, 2010 10:17:28 AM
Subject: Re: Mail Submission Protocol

On 4/21/2010 6:49 AM, Claudio Lapidus wrote:
> So we are considering ways to further filter this traffic. We are
> evaluating implementation of MSA through port 587.


RFC 5068, Email Submission Operations: Access and Accountability
Requirements, is a BCP. It specifies authenticated port 587 for email
submission across the net.

As others have noted, it works well through a wide variety of access
environments. I don't remember the last time I found it blocked. I use
it over TLS, of course.

Blocking of outbound port 25 for all hosts not explicitly authorized has
become common. The fact that 587 defaults to authenticated is the win.

d/
--

Dave Crocker
Brandenburg InternetWorking
bbiw.net
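
An added example, not part of the original thread: a small Python audit that checks captured SMTP replies from a port 587 listener against the behaviour discussed above (TLS available, authentication required before mail is accepted). The hostnames and captures are constructed, the function names are hypothetical, and treating AUTH advertised before STARTTLS as a finding is an assumed hardening policy rather than something stated in the thread.

```python
import re

def ehlo_keywords(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    keywords = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server's domain greeting
        # Accept both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" form.
        m = re.match(r"250[- ]([A-Za-z0-9-]+)[ =]?(.*)", line.strip())
        if m:
            keywords[m.group(1).upper()] = m.group(2).split()
    return keywords

def audit_submission(pre_tls_ehlo, post_tls_ehlo, unauth_mail_reply):
    """Return findings for a port 587 listener; an empty list means it passed."""
    findings = []
    pre = ehlo_keywords(pre_tls_ehlo)
    post = ehlo_keywords(post_tls_ehlo)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if "AUTH" in pre:  # assumed policy: credentials only inside TLS
        findings.append("AUTH offered before TLS")
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS")
    # An unauthenticated MAIL FROM should draw a 4xx/5xx reply (e.g. 530).
    if int(unauth_mail_reply[:3]) < 400:
        findings.append("MAIL FROM accepted without authentication")
    return findings

# Constructed sample captures (not taken from a real server).
GOOD_PRE = "250-mx.example.net\n250-SIZE 52428800\n250-8BITMIME\n250 STARTTLS"
GOOD_POST = "250-mx.example.net\n250-SIZE 52428800\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
GOOD_MAIL = "530 5.7.0 Authentication required"
# A 587 listener that behaves like an open port 25: no TLS, cleartext AUTH, relays unauthenticated.
BAD_PRE = "250-mx.example.net\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
BAD_POST = BAD_PRE
BAD_MAIL = "250 2.1.0 Ok"

if __name__ == "__main__":
    for name, capture in (("good", (GOOD_PRE, GOOD_POST, GOOD_MAIL)),
                          ("bad", (BAD_PRE, BAD_POST, BAD_MAIL))):
        print(name, audit_submission(*capture) or "compliant")
```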
