On Wed, Jan 28, 2004 at 05:37:59PM -0600, Phil Brutsche wrote:
> <sending this to the list as well, since not enough people are doing the
> proper research>
>
> >I left my ISP about 9 months ago because they implemented this very
> >policy. It entirely destroyed my ability to send email from my preferred
> >address. Our SMTP setup at example.com relays mail from people
> >claiming to be @example.com if and only if they have been authenticated
> >using a client X.509 certificate issued by the example.com root
> >certificate authority.
>
> Then put SMTP on a different TCP port. RFC 2476, which specifies TCP
> port 587 to be a message submission port for MUAs, was specifically
> created to address this issue.

OK. You get a cookie. You've heard of RFC 2476. Now read it and you can have
another. From the RFC:

"A site MAY choose to use port 25 for message submission, by designating
some hosts to be MSAs and others to be MTAs."
Section 3.1 [emphasis in the original]

Because of my ISP's suddenly BROKEN service, I was no longer able to operate
in this RFC-compliant manner. This is in fact our preferred mode of operation
at example.com, as it allows maximum client interoperability, or did anyway...
It was our only mode of operation at that time.

When this happened with my ISP, unannounced, we set the process in place to
get the necessary holes punched in our firewalls and configure an extra
instance of the smtp daemon on 587. This took weeks, and I still switched to a
non-broken ISP. Our admins are not paid to work around ISPs who do not provide
what they say they do, or suddenly and without notice stop doing so.

At any rate, blocking port 25 is a half-assed solution to a problem that needs
to be solved at the MUA, not the MTA or MSA.

regards,
petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
