port 587

Otmar Lendl ol at bofh.priv.at
Thu Mar 20 19:05:22 CET 2008


On 2008/03/20 14:03, Alain Spineux <aspineux at gmail.com> wrote:
> On Thu, Mar 20, 2008 at 1:45 PM, Tobias Oed <tobias.oed at octant-fr.com> wrote:
> > Hello,
> >  some of my users are having problems reaching my server through port 25
> >  because their isp blocks that port. I tell them to use ssl and port 465
> >  and things work. I was wondering why kolab wasn't listening on port 587
> 
> Nobody know about port 587, nobody use it !
> 

Some people do. My included. I sometimes use an open hotspot which does
not allow port 25 connections to the Internet.

> Port 587 must be able to do the same job as port 25, their is no difference
> between sending or receiving and email when you send an email to
> yourself on your own server!

The crucial point is ".. to yourself on your own server".
How can an ISP tell the difference? 

He can't. He only knows:

* connections to port 25 can be used to transmit spam to all mailservers
* connections to port 587 require that the client authenticates at that
  server using AUTH, thus these connections cannot be used to dump
  spam at random servers.

> Then why have 2 ports ?
> When someone came with port 587 long time ago, SPAM was "unknown" and
> openrelay was "the rules".

Quite the contrary. Mail submission on port 587 combined with out-going
port 25 filtering is one of the simplest ways to stop zombified customers
from spamming.

Port 25 filtering for residential customers is mandated by the local
telecom regulator in Finland. See
http://www.ficora.fi/en/index/palvelut/palvelutaiheittain/tietoturva/svt/kayttaja/kaytannonkysymyksia.html

/ol
-- 
-=-  Otmar Lendl  --  ol at bofh.priv.at  -=-




More information about the users mailing list