[TriLUG] OT: ATT UVerse internet access

matt at noway2.thruhere.net
Thu Mar 31 15:43:51 EDT 2011


> On 3/31/2011 2:47 PM, Matt Pusateri wrote:
>> <snip>
>> me(matt at myficticiousdomain.org) from using your server to send my email.
>>  When I send email as
>> matt at myficticiousdomain.org through mail.webperformance.com, I am then
>> relaying mail through your
>> mail server.  This relaying of mail can happen for two primary reasons.
>> 1. Your mail server
>> could be an open relay allowing anyone to send unauthenticated mail
>> through it.  2. I could have
>> an account on your mail server say matt at webperformance and I could
>> authenticate to
>> mail.webperformance.com and send mail from my personal domain of
>> matt at myficticiousdomain.org.
>> <snip>
>> Does that make it more clear?
>
> That confirms that my understanding of "relaying" is correct.  But then I
> don't see how
> the port 587 helps. The earlier comment was:
>
> "SMTP-with-authentication-by-default; no relaying. The well-known port is
> 587. See RFC2476."
>
> If there is no relaying, then I could not use that port to send e-mail to
> our customers.
> Or am I mis-understanding the "no relaying" part...or taking it out of
> context?
>
Without referring to the RFCs, I am going to hazard a semi-educated guess
that the default intended behavior for an SMTP on port 25 is to relay
towards the next mail hop.  In other words, by default, I suspect that the
original intention was that most, or all, SMTP servers would be open as
this would have been in keeping with the philosophy upon which the
Internet was formed.

Port 587, then, would be for submission of mail into a server using
authentication.  If your business' SMTP server is listening on port 587,
you can still send mail to clients via your business' mail server.   You
would have to configure your email application (MUA) as outbound on port
587.

As another post said, though, blocking outbound port 25 would make things
difficult for the ISP - in that presumably you are sending mail to their
SMTP server.  Blocking inbound would keep you from running a mail server. 
However, wouldn't the traffic need to be bi-directional to even send mail
as the protocol uses handshaking?  Perhaps they use a state-aware filter
that blocks NEW inbound connections but allows related or established
ones?
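
The state-aware filtering speculated about at the end of the message above, as an added example that is not part of the original post: a simplified Python model of connection tracking (no RELATED state, no timeouts). The addresses are constructed documentation values, and the single rule (drop NEW inbound connections to port 25) is an assumption about the ISP's policy.

```python
# Simplified model of a stateful ("state-aware") packet filter.
# Assumptions: constructed addresses, one rule (drop NEW inbound to port 25),
# and only NEW / ESTABLISHED / INVALID states.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport syn ack")

class StatefulFilter:
    def __init__(self, blocked_new_inbound_ports):
        self.blocked = set(blocked_new_inbound_ports)
        self.conntrack = set()  # flows, stored from the initiator's point of view

    @staticmethod
    def _flow(p):
        return (p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport)

    def check(self, p):
        """Return (verdict, state) for one TCP packet."""
        # Either direction of an already tracked flow is ESTABLISHED.
        if self._flow(p) in self.conntrack or self._reverse(p) in self.conntrack:
            return ("ACCEPT", "ESTABLISHED")
        # Only a bare SYN may open a new flow; anything else is INVALID.
        if not (p.syn and not p.ack):
            return ("DROP", "INVALID")
        if p.direction == "in" and p.dport in self.blocked:
            return ("DROP", "NEW")
        self.conntrack.add(self._flow(p))
        return ("ACCEPT", "NEW")

CUSTOMER, ISP_SMTP, OUTSIDE = "192.0.2.10", "198.51.100.25", "203.0.113.7"

def demo():
    fw = StatefulFilter(blocked_new_inbound_ports={25})
    packets = [
        Packet("out", CUSTOMER, 40000, ISP_SMTP, 25, True, False),  # SYN to ISP relay
        Packet("in", ISP_SMTP, 25, CUSTOMER, 40000, True, True),    # SYN/ACK reply
        Packet("out", CUSTOMER, 40000, ISP_SMTP, 25, False, True),  # ACK
        Packet("in", OUTSIDE, 51000, CUSTOMER, 25, True, False),    # SYN to home server
        Packet("in", OUTSIDE, 51001, CUSTOMER, 25, False, True),    # stray ACK, no flow
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The outbound session to the ISP's SMTP server completes its handshake because the replies match a tracked flow, while the unsolicited inbound SYN to port 25 is dropped.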
