North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Why do so few mail providers support Port 587?

  • From: Jeff McAdams
  • Date: Tue Feb 15 21:36:47 2005

Thor Lancelot Simon wrote:
> On Tue, Feb 15, 2005 at 09:00:11PM -0500, Sean Donelan wrote:
>>Sendmail now includes Port 587, although some people disagree how
>>its done.  But Exchange and other mail servers are still difficult
>>for system administrators to configure Port 587 (if it doesn't say
>>click here for Port 587 during the Windows installer, its too

> This is utterly silly.  Running another full-access copy of the MTA
> on a different port than 25 achieves precisely nothing -- and this
> "support" has always been included in sendmail, with a 1-line change
> either to the source code (long ago) or the default configuration or
> simply by running sendmail from inetd.

> What benefit, exactly, do you see to allowing unauthenticated mail
> submission on a different port than the default SMTP port?

> Similarly, what harm, exactly, do you see to allowing authenticated
> mail submission on port 25?

> What will actually give us some progress on spam and on usability
> issues is requiring authentication for mail submission.  Which TCP
> port is used for the service matters basically not at all.

In general, I have agreed with your point of view in the past.  I will
say, however, that recently I have slightly retraced my position.

The only real benefit I see from it is that running multiple ports
allows the mail server to provide different policies for clients to use.

Ideally, this shouldn't be needed, but given that some mail client
software doesn't allow the configuration options that are needed in some
situations (Apple's absolutely infuriates me at times), there
are times that slightly different policies are needed, and the only
really good way to do that is to run them on different ports.

I guess you could think of it as having port 25 available for legacy
support as more and more stuff moves to 587.

authentication for mail submission would be wonderful if it were
ubiquitous...and I'm doing my part (this message, and all others from me
these days submitted to my ISP's system with SMTP AUTH over
TLS...incidentally, they had to configure 587 in order to get the
policies workable for the variety of mail clients that customers
used...sad but true, they had no choice while maintaining any semblance
of varied client support), alas, that day is still fairly far
off...though it is getting closer.

Attachment: signature.asc
Description: OpenPGP digital signature