[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Finding a replacement for my ISP's smtp server

On Mon 28 Jul 2014 at 22:12:09 +0100, Joe wrote:

> On Mon, 28 Jul 2014 18:16:23 +0100
> Brian <ad44@cityscape.co.uk> wrote:
> 
> > Port 25 then becomes used only for incoming messages to be sent to
> > domains the server is responsible for? If so, that doesn't appear any
> > different from the present situation. For relaying a login is
> > perfectly understanable, but it can be done on port 25 too. What
> > makes port 587 necessary?
> 
> Simply to provide a standard port on which authentication is expected
> and used, leaving 25 for unauthenticated mail. An email sent to an
> arbitrary address will be unauthenticated, because none of us have
> authentication credentials for all the world's mail servers.
> Unauthenticated mail will be delivered only *to* the domains the
> receiving server is authoritative for, or relayed *to* anywhere, but
> only *from* domains which are explicitly configured in the server. I
> think the very basic Debian setup of exim4 allows the entry of such
> permitted relaying domains, and certainly the full configuration file(s)
> does so.

Thanks. Due to your post and speed reading an RFC or two I think I now
have a better understanding of what the IETF's intentions are. They do
not include encouraging the blocking of outbound port 25. However, in an
earlier mail

  https://lists.debian.org/debian-user/2014/07/msg01614.html

I said

   You have to authenticate yourself when you join your ISP's network.
   No further authentication is needed to use their SMTP server; you
   are a trusted user so TLS is therefore not required.

This is incorrect. I was working off my experience of my ISP's network
and my own. It may not be needed but an ISP can require authentication
to send mail in spite of knowing a machine is legitimately on its
network. 

The reason for doing it given is generally along the lines of:

   Much of the current use of port 25 is by computers that have been
   infected by malware and are sending spam without the knowledge of
   the users of those computers. Port 587 improves security through
   the use of required authentication and recommended TLS/SSL
   encryption. 

What I do not understand is what prevents the malware (assuming it can
signicantly control the machine) from using the same authentication to
send spam as before. Isn't this back to square 1?
Reply to: