On Thursday, February 3, 2005, 18:35:58, Duane Hill wrote: > On Thursday, February 3, 2005 at 10:55:30 PM, [EMAIL PROTECTED] confabulated: >> On Wednesday, February 2, 2005, 21:15:22, Marc Funaro wrote: >>> The email looks like it's coming from the server itself, but since 587 is >>> SMTP AUTH only, we have control over who's sending using that port >> On Wednesday, February 2, 2005, 21:52:02, Matt wrote: >>> The RFC is AUTH-only, but not in practice until IMail supports it. For >> Which RFC are you guys referring to? >> If its RFC 2476 Message Submission it does not *require* authentication. >> Look at section "6. Optional Actions" where it says >> "The MSA MAY do any of the following:" >> followed by section "6.2. Require Authentication" >> "The MSA MAY issue an error response to the MAIL FROM command if the >> session has not been authenticated." >> The key word "MAY" means its optional. > > Or is it stating that it is optional to give an error if the > connection is not authenticated.
Its stating that a Message Submission Agent (MSA) "MAY" require authentication but it doesn't have to (keyword "MUST") in order to be compliant. > I just turned on port 587 on our backup MX server to test and YES > authentication IS required. > As soon as I issued the MAIL FROM, the server responded with the > '530 ... you must authenticate ...' message. So that specific MSA does require authentication in order to submit a message. I'm not arguing that an MSA shouldn't require authentication, that would be ludicrous in this day and age. I'm simply pointing out that authentication is *not* an RFC 2476 requirement although it does permit it. -- [EMAIL PROTECTED] "The avalanche has already started, it is too Rod Dorman late for the pebbles to vote." � Ambassador Kosh To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
