said by koitsu:Ah ha! That explains it! Thanks for cluing me in here. I was under the impression Comcast only permits Comcast IPs to connect to smtp.comcast.net (regardless of port #). That is obviously not the case. The below telnets were done from our co-located servers:
What I'm saying: if Comcast provided customer-only (e.g. you must be on the Comcast IP network to use these) SMTP servers, they wouldn't need SMTP AUTH for said clients.
Edit: Since your are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it supposed to be used only between MTAs whereas 587 is a client submission port.
Bzzt.
Read the RFC yourself, Sections 6.1 through 6.4 -- specifically, the use of the word MAY. Meaning: requiring authentication on port 587 is *optional*. It's entirely up to the mail server administrator. By default most mail servers (postfix, exim, sendmail) require SMTP AUTH, but you simply change the said flag to "no" and voila, it acts just like port 25.
And if you look at the ISPs you are going to find nearly all of them require AUTH on 587. The RFC was written to provide the option since it's intended to move mail clients away from using port 25, but, most implementations are using it also as a way to authenticate.
