Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Remote email access

  • From: Eliot Lear
  • Date: Thu Jan 30 22:27:57 2003


It's a rare day when I differ with Dave over mail standards, so something's weird.

Dave Crocker wrote:
Some current choices:

Email standards provide for posting of email to the usual port 25 or to
port 773 for the newer "submit" service. (Submit is a clone of SMTP that
operates on a different port and is permitted to evolve independently of
SMTP, in order to tailor posting by originators, differently from
server-to-server email relaying.) There is also a de facto standard for
doing SMTP over SSL on port 465, although this collides with the IANA
assignment of that port to another service.
The submission port, according to IANA is 587. I'm not a fan. I also think experience has shown that it is POSSIBLE to protect port 25 appropriately. It's just a matter of doing it...

See http://www.iana.org/assignments/port-numbers

Standardized SMTP authentication uses the SMTP Auth command or the SASL
service within SMTP. It can also use the de fact "POP hack". All 3 of
these mechanisms are inline -- as part of the posting protocol -- so
that they work over whatever port is being used for posting.

Standardized privacy for SMTP uses SMTP over SSL or it uses SMTP with
SASL.  SASL can be used on any SMTP or Submit port.  SSL can only be
used on port 25 if the SMTP service is not available to other SMTP
servers for relaying (or, really, for last-hop SMTP delivery).
Although Dave is correct about SSL, RFC 3207 discusses the use of TLS for purposes of encryption AND authentication. I use this for my own sendmail. The biggest problem is ensuring that appropriate certificates are installed. Most of the common MUAs I tested have a way to do it, but it's messy (to say the least).

Eliot






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.