Mailing List Message #92255
From: Nicolas Hatier <>
Subject: Re: port 587 and authentication
Date: Thu, 16 Aug 2007 12:50:10 -0400
To: CommuniGate Pro Discussions <>

If I'm not mistaken, port 587 requires AUTH for all return-paths and can't be abused that way.


Bret Miller wrote:
On Wed, 15 Aug 2007 16:13:18 -0700
  Thom O'Connor <> wrote:

Yes and no. It forces auth for "mail from" addresses in that domain, but
anyone could still connect to port 587 if it's open and send mail from
another domain to your server. I think it's only a matter of time before
spammers figure out how to abuse this if it's common practice to allow
unauthenticated traffic on commonly-known ports other than 25. 

IMHO, all mail servers need to start offering a setting to require
authentication on specific ports to prevent that. Obviously, you can't
require auth for everyone on port 25. But you can and should be able to on
other ports. 

That said, even the ability to do it on port 25 might be helpful if you want
your traffic routed through a filtering server. Then only authenticated
traffic would be accepted on your mailbox server. 

And it might be helpful to be able to require auth only for non-clients so
that you can accept unauthenticated traffic for only that filtering server.




Nicolas Hatier
Niversoft idées logicielles
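
One way to check the behaviour debated in this thread against your own server, as an added example that is not part of the original messages: it offers an unauthenticated envelope from an outside domain on port 587 and reports whether the server demands AUTH (reply code 530) or accepts it. The host, the `audit.example` EHLO name and the sender address are constructed placeholders; the recipient should be a mailbox you own on the server under test.

```python
import smtplib
import sys

def classify(stage, code):
    """Map the server's reply to an unauthenticated envelope onto a verdict."""
    if code == 530:                       # RFC 4954: "Authentication required"
        return "AUTH_REQUIRED"
    if stage == "RCPT TO" and 200 <= code < 300:
        return "ACCEPTS_UNAUTHENTICATED"  # envelope accepted without AUTH
    return "REJECTED_OTHER"               # e.g. relay denied, policy block

def probe(host, rcpt, port=587, sender="probe@external.example", timeout=10):
    """Offer an unauthenticated envelope and stop before DATA; nothing is sent.

    sender is a constructed address in a domain the server does not host;
    rcpt should be a mailbox you own on the server under test.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("audit.example")
        if s.has_extn("starttls"):        # behaviour may differ after TLS
            s.starttls()
            s.ehlo("audit.example")
        stage = "MAIL FROM"
        code, _ = s.mail(sender)
        if 200 <= code < 300:
            stage = "RCPT TO"
            code, _ = s.rcpt(rcpt)
        s.rset()                          # drop the envelope, no message body
    return classify(stage, code), stage, code

if __name__ == "__main__":
    # usage: python probe.py mail.example.org me@example.org
    print(probe(sys.argv[1], sys.argv[2]))
```

A verdict of `ACCEPTS_UNAUTHENTICATED` on port 587 is the case Bret Miller describes: mail from another domain to a local recipient is taken without authentication.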
