how-to block ads
|
|
Share Topic
 |
 |
|
|
|
 koitsuPremium,MVM
join:2002-07-16
Mountain View, CA
kudos:14 | reply to bigchris
Re: [Spam] Comcast reporting spam from my IPsaid by bigchris:said by koitsu:I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose. It's really simple. You need to authenticate to send and to do that you need a valid comcast.net ID and you need to know the password. Plus it'll work on and off the comcast network so for those people that travel with laptops it's a win win. Ah ha! That explains it! Thanks for cluing me in here. I was under the impression Comcast only permits Comcast IPs to connect to smtp.comcast.net (regardless of port #). That is obviously not the case. The below telnets were done from our co-located servers:
$ telnet smtp.comcast.net 25
Trying 76.96.30.117...
Connected to smtp.g.comcast.net.
Escape character is '^]'.
220 OMTA10.emeryville.ca.mail.comcast.net comcast ESMTP server ready
QUIT
221 2.0.0 OMTA10.emeryville.ca.mail.comcast.net comcast closing connection
Connection closed by foreign host.
$ telnet smtp.comcast.net 587
Trying 76.96.30.117...
Connected to smtp.g.comcast.net.
Escape character is '^]'.
^]
telnet> close
Connection closed.
What I'm saying: if Comcast provided customer-only (e.g. you must be on the Comcast IP network to use these) SMTP servers, they wouldn't need SMTP AUTH for said clients.
Edit: Since your are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it supposed to be used only between MTAs whereas 587 is a client submission port.
Bzzt. Read the RFC yourself, Sections 6.1 through 6.4 -- specifically, the use of the word MAY. Meaning: requiring authentication on port 587 is *optional*. It's entirely up to the mail server administrator. By default most mail servers (postfix, exim, sendmail) require SMTP AUTH, but you simply change the said flag to "no" and voila, it acts just like port 25. | |
 bigchrisDo Not Shoot The MessengerPremium,MVM
join:2002-04-29
Leesburg, VA | said by koitsu:Ah ha! That explains it! Thanks for cluing me in here. I was under the impression Comcast only permits Comcast IPs to connect to smtp.comcast.net (regardless of port #). That is obviously not the case. The below telnets were done from our co-located servers: What I'm saying: if Comcast provided customer-only (e.g. you must be on the Comcast IP network to use these) SMTP servers, they wouldn't need SMTP AUTH for said clients. Edit: Since your are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it supposed to be used only between MTAs whereas 587 is a client submission port.
Bzzt. Read the RFC yourself, Sections 6.1 through 6.4 -- specifically, the use of the word MAY. Meaning: requiring authentication on port 587 is *optional*. It's entirely up to the mail server administrator. By default most mail servers (postfix, exim, sendmail) require SMTP AUTH, but you simply change the said flag to "no" and voila, it acts just like port 25. And if you look at the ISPs you are going to find nearly all of them require AUTH on 587. The RFC was written to provide the option since it's intended to move mail clients away from using port 25, but, most implementations are using it also as a way to authenticate.
As to your other point of Comcast IP only SMTP servers, that doesn't help with bot'd computers, hence the requirement to authenticate which takes out large numbers of abusive connections i.e. spam. | |
|
