nanog mailing list archives

Re: Mail Submission Protocol


From: Franck Martin <franck () genius com>
Date: Thu, 22 Apr 2010 11:07:44 +1200 (MAGST)

Consider also the smtps port, which should be treated like the smtp port and not like the submission port, or simply do not listen 
on smtps, as TLS is available on the smtp port via ESMTP.

A lot of providers are now blocking smtp traffic from dynamic/residential IPs, and all clients support entering the 
submission port instead of the smtp port. The advantage of this config is that when you have a roaming user, they don't need to 
configure their email client depending on the network they are connecting to.

If you want to see the extent of the problem on your network, just go to http://www.uceprotect.net/en/rblcheck.php and 
enter your AS/network and see how many of your clients are spamming, mainly due to botnets.

----- Original Message -----
From: "Dave CROCKER" <dhc2 () dcrocker net>
To: nanog () nanog org
Sent: Thursday, 22 April, 2010 10:17:28 AM
Subject: Re: Mail Submission Protocol

On 4/21/2010 6:49 AM, Claudio Lapidus wrote:
So we are considering ways to further filter this traffic. We are
evaluating implementation of MSA through port 587.


RFC 5068, Email Submission Operations: Access and Accountability
Requirements, is a BCP. It specifies authenticated port 587 for email
submission across the net.

As others have noted, it works well through a wide variety of access
environments. I don't remember the last time I found it blocked. I use
it over TLS, of course.

Blocking of outbound port 25 for all hosts not explicitly authorized has
become common. The fact that 587 defaults to authenticated is the win.

d/
--

Dave Crocker
Brandenburg InternetWorking
bbiw.net
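
The policy discussed in this thread (outbound port 25 only for explicitly authorized hosts, everyone else on authenticated 587) can be checked against flow data before a block is rolled out. The following is an added example, not part of the original messages; the flow-record format, the address ranges, the allowlist and the destination threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: "timestamp src_ip dst_ip dst_port" (documentation ranges).
SAMPLE_FLOWS = """\
2010-04-22T10:00:01 198.51.100.10 203.0.113.5 25
2010-04-22T10:00:02 198.51.100.77 203.0.113.5 25
2010-04-22T10:00:02 198.51.100.77 203.0.113.9 25
2010-04-22T10:00:03 198.51.100.77 192.0.2.44 25
2010-04-22T10:00:04 198.51.100.23 203.0.113.5 587
2010-04-22T10:00:05 198.51.100.23 198.51.100.10 25
2010-04-22T10:00:06 198.51.100.41 192.0.2.44 25
malformed line
"""

LOCAL_NET = ipaddress.ip_network("198.51.100.0/24")        # assumed customer range
AUTHORIZED_MTAS = {ipaddress.ip_address("198.51.100.10")}  # assumed port-25 allowlist

def unauthorized_port25(flow_text, local_net=LOCAL_NET, allowed=AUTHORIZED_MTAS):
    """Map each non-allowlisted local source to the external hosts it reached on port 25."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            dport = int(parts[3])
        except ValueError:
            continue
        if dport != 25:
            continue  # 587 is authenticated submission, not direct-to-MX traffic
        if src not in local_net or src in allowed:
            continue  # only local hosts that are not authorized mail servers
        if dst in local_net:
            continue  # handing mail to the local relay stays inside the network
        hits[str(src)].add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}

def likely_bots(hits, min_destinations=3):
    """Sources contacting many distinct external MXs directly (assumed threshold)."""
    return sorted(src for src, dsts in hits.items() if len(dsts) >= min_destinations)

if __name__ == "__main__":
    hits = unauthorized_port25(SAMPLE_FLOWS)
    print("would be affected by a port 25 block:", hits)
    print("fan-out consistent with botnet spam:", likely_bots(hits))
```

Hosts that appear in the first result but not the second are typically clients still configured for port 25 and are the ones to move to 587 before the block goes live.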

