On 2018-09-21 2:40 a.m., Per Jessen wrote:
Tough! Port 25 is unencrypted, unverified SMTP, aka free for anyone to use, including hackers, spammer broadcasters and scam artists who use it as an open relay. That is why port 465 & SSL/TLS are used, and why many ISPs also restrict, in various ways, access to known customers. Again, not true!
Well, people should stop thinking that a port number has any strict tie-in with encryption. It's just TCP/IP. Some port numbers have implicit encryption and every port number has optional encryption, period.
*sigh* yes, you can configure Postfix to listen on any port and use any port on a remote site via the Transport table. But just because you CAN doesn't mean you SHOULD.
It's not really about any _advantage_ of one port over another, it's about standards compliance.
And convention.
Port 587 and 465 are standardized
The whole RFC thing is a set of ongoing conventions, much of it came about by experiment. Along the way there were a few people trying to force their own proprietary 'standards' on the community, rather than 'convention'. "Standards" emerge because they work for the community and are accepted. This is an ongoing process. Of course there are always mavericks ...
for email submission, port 25 is standardized for email exchange. You can do either over any other port, of course.
The whole point of things like Postfix's transport table is that it is not just port 25 for email EXCHANGE. While restricting an ISP's clients so that rogues cannot get past the firewall's restriction on using port 25 either at the ISP or past it, ISPs also need to do proper certified identification and authentication *between themselves*. Hence TLS and certificates and X.509 etc etc. BY CONVENTION, port 25 is not encrypted and so it is not used for this.

And it is not just email in its various forms that uses TLS/X.509 for identification and authentication:

https           443/tcp    # http protocol over TLS/SSL [Kipp_E_B_Hickman]
nntps           563/tcp    # nntp protocol over TLS/SSL
ldaps           636/tcp    # ldap protocol over TLS/SSL
domain-s        853/tcp    # DNS query-response protocol run over TLS/DTLS
ftps-data       989/tcp    # ftp protocol, data, over TLS/SSL
ftps            990/tcp    # ftp protocol, control, over TLS/SSL
telnets         992/tcp    # telnet protocol over TLS/SSL
tftps           3713/tcp   # TFTP over TLS
syslog-tls      6514/tcp   # Syslog over TLS [RFC5425]
ircs-u          6697/tcp   # Internet Relay Chat via TLS/SSL [RFC7194]
davsrcs         9802/tcp   # WebDAV Source TLS/SSL [Rob_Isaac]
snmptls         10161/tcp  # SNMP-TLS [RFC6353]
snmptls-trap    10162/tcp  # SNMP-Trap-TLS [RFC6353]

Heads up! How many sites do you access that use HTTP rather than HTTPS? Would you fill in a form, registration, submit password or make payment via one of the former rather than the latter?

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
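The thread's distinction between implicit encryption on a port and optional encryption on any port maps onto per-listener settings in Postfix. As an added example, not part of the original message, this sketch reads a constructed master.cf and reports which TLS mode each smtpd listener enforces. It assumes overrides are written as `-o name=value` and that the main.cf default level is passed in by the caller.

```python
import shlex

# Constructed sample in Postfix master.cf syntax (not taken from the thread).
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command
smtp       inet  n       -      n      -      -       smtpd
submission inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps      inet  n       -      n      -      -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
2525       inet  n       -      n      -      -       smtpd
  -o smtpd_tls_security_level=may
"""

def parse_smtpd_services(text):
    """Return {service: {param: value}} for every smtpd listener."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # continuation of the previous entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for entry in logical:
        fields = shlex.split(entry)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args, opts = fields[8:], {}
        for i, tok in enumerate(args):
            if tok == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                opts[key] = value
        services[fields[0]] = opts
    return services

def tls_mode(opts, main_cf_level="none"):
    """Classify one listener; main_cf_level is the assumed main.cf default."""
    if opts.get("smtpd_tls_wrappermode") == "yes":
        return "implicit TLS"              # TLS handshake before any SMTP
    level = opts.get("smtpd_tls_security_level", main_cf_level)
    return {"encrypt": "STARTTLS required",
            "may": "STARTTLS optional"}.get(level, "plaintext")

def audit(text, main_cf_level="none"):
    return {svc: tls_mode(o, main_cf_level)
            for svc, o in parse_smtpd_services(text).items()}
```

The listener on 2525 in the sample shows that the mode follows the configuration and not the port number.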