sendmail configuring port numbers Let's try again.
Ben Scott
dragonhawk at gmail.com
Fri Oct 16 00:47:42 EDT 2009
On Fri, Oct 16, 2009 at 12:25 AM, Steven W. Orr <steveo at syslang.net> wrote:
> It seems that by default, sendmail listens on ports 25 and 587. Things that
> come in on 25 are tagged as MTA. Things that come in on 587 are tagged as MSA.

Sendmail doesn't even tag the messages that are coming in. It's
just that a different set of options is applied to each daemon instance.

As I mentioned, the chief difference is that MSA requires SMTP
authentication for everything.

> It seems that sendmail
> allows for the MSA to be disabled, but the Bat Book goes out of its way to
> suggest that you should not.

Eh... my guess is that, since the Bat Book is written by Eric
Allman, and Eric Allman is one of the architects of SMTP, the Bat Book
might have some "SMTP purist" attitudes. Programs like Thunderbird
are not proper SMTP MTA implementations, so technically, they don't
have any business connecting to TCP/25, which is reserved for MTAs.
They "should" connect to TCP/587, which is reserved for SMTP MSAs.

In practice, since the two are basically identical, it really
doesn't matter. You can disable the MSA if you like. In the past, I
did this routinely, and it never caused trouble.

> I'm just curious about this and I was wondering if 587 was somehow running
> under a different authentication scheme. e.g., If I'm outside, then I should
> use Port 25 with TLS, but on the inside use 587 with no TLS.

Authentication methods are negotiated during the SMTP protocol
handshake, so they're flexible there.

Again, the major practical difference is that MSA started out safe
against SMTP MTA "open relay" hijacking.

> BTW, this message is coming to you via my 587. ;-)

I was tempted to do something goofy, like reverse all the characters
in your text, just to get you going, but I'm too tired to go to the
effort right now. ;-)

-- Ben
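
Added example, not part of the original thread: a small audit that reads the `DaemonPortOptions` lines from a sendmail.cf and reports which daemon instances require SMTP AUTH, since the per-daemon options are what distinguish the port 25 and port 587 listeners discussed above. The sample lines are constructed, and the code assumes the documented modifier meanings (`a` requires authentication, `A` disables AUTH).

```python
import re

# Constructed sample of sendmail.cf daemon lines (not taken from the thread).
SAMPLE_CF = """\
O DaemonPortOptions=Port=smtp, Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=Ea
O DaemonPortOptions=Port=2525, Name=MSA2, M=E
"""

# Service names that may appear instead of a numeric port.
WELL_KNOWN = {"smtp": 25, "submission": 587}


def parse_daemons(cf_text):
    """Return one dict per DaemonPortOptions line found in sendmail.cf text."""
    daemons = []
    for line in cf_text.splitlines():
        m = re.match(r"O\s+DaemonPortOptions\s*=\s*(.*)", line)
        if not m:
            continue
        opts = {}
        for pair in m.group(1).split(","):
            key, _, value = pair.strip().partition("=")
            if key:
                opts[key.lower()] = value.strip()
        port = opts.get("port", "smtp")  # sendmail listens on smtp if unset
        mods = next((v for k, v in opts.items()
                     if k in ("m", "modifier", "modifiers")), "")
        daemons.append({
            "name": opts.get("name", "?"),
            "port": int(port) if port.isdigit() else WELL_KNOWN.get(port, port),
            "modifiers": mods,
            # 'a' makes AUTH mandatory on this daemon; 'A' turns AUTH off.
            "auth_required": "a" in mods and "A" not in mods,
        })
    return daemons


def unauthenticated_listeners(cf_text):
    """Names of daemon instances that accept mail without requiring AUTH."""
    return [d["name"] for d in parse_daemons(cf_text) if not d["auth_required"]]


if __name__ == "__main__":
    for daemon in parse_daemons(SAMPLE_CF):
        print(daemon)
```

A listener that shows up in `unauthenticated_listeners` is not automatically an open relay; relaying is still governed by the access and relay-domains rules, so review those for any such port.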