[LINK] Question re spoofing with bad reply address

Stephen Rothwell sfr at rothwell.id.au
Fri Jul 11 17:05:35 AEST 2014


Hi Jeremy,

On Fri, 11 Jul 2014 15:35:54 +1000 Jeremy Visser <jeremy at visser.name> wrote:
>
> On 11/07/14 14:27, Stephen Rothwell wrote:
> > Well, if for no other reason than that many ISPs insist that you use
> > their mail server for outgoing email
> 
> Who does this?  I would invite you to name-and-shame them.
> 
> But before you do so, check that you are sending outbound as port 587
> (STARTTLS) or 465 (TLS).  It's common for providers to block port 25 due
> to rampant abuse, but as all port 587 or 465 based services are
> authenticated relays, there is no need to block this.

Of course I was referring to port 25.  Quite a lot of popular mail
clients still prefer to send email to a server on that port.  Did you
miss the bit where I said that "most of them are not very tech savvy".
I volunteer with a local community group (ex small ISP) that provides
email service for its members and we have had an enormous amount of
trouble just trying to get them all to use any sort of SSL/TLS to talk
to our server.   Every mail client seems to configure it differently
and uses different terminology.  :-(

And some clients don't seem to have even heard of port 587 - STARTTLS
was only originally codified in 1998, made a draft standard in 2006 and
standardised in 2011.  Imagine using such new fangled stuff!  :-)

As an aside: you are aware that SMTPS over port 465 was withdrawn in
1998 (the year after it was originally assigned), and 465 never
*required* authentication (in fact it could be used by MTAs to
communicate).

-- 
Cheers,
Stephen Rothwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20140711/172436ee/attachment.sig>


More information about the Link mailing list