Question: Why convince developers to use port 587 for all SMTP communications?
There is a growing trend to use port 587 for all client to MTA communications. It's in a standards track RFC: http://www.ietf.org/rfc/rfc2476.txt
My question is "Why?". Why have 2 instances of an SMTP server running on the same server, if they both do the same thing? What security feature does it provide, besides giving me 2 things to troubleshoot as an administrator?
This just seems like unnecessary complication that isn't needed unless the ISP blocks port 25. Even then, if the ISP is blocking port 25 to prevent spam, it just means it will take a little more time until port 587 is blocked too, and we will have to use a different port altogether.
Just seems like we are creating more work for ourselves rather than solving the problem and authenticating SMTP to begin with.
Recommended answer
See: http://www.uceprotect.net/downloads/MAAWGPort25English.pdf
I think what you are missing is that port 587 is authenticated only. You shouldn't accept unauthenticated email on port 587, regardless of whether the recipient is local or not. We (as ISPs) block outbound port 25 to prevent direct-to-MX spam, for example from botted computers. Blocking our residential/dynamic user base from sending outbound on port 25 (we still allow unauthenticated relay from our IP space on port 25) yielded an 85+% drop in abuse reports.
ISPs are not going to start blocking 587 (well, they shouldn't, since it isn't for MTA-to-MTA use, only MUA-to-MTA, since it is the submission port). And it allows for much easier management. Also on the MTA side, forcing all of your local users to authenticate makes it way easier for spam mitigation. When their box gets owned and their SMTP credentials are poached, all you need to do is disable their account/password. When using relay by IP, you need to block them from connecting to the mail server (we do this by dynamically applying an ACL to their DSL/Cable connection).
If you are writing either an MUA or an MTA, you need to support both, and in the case of an MUA or something that sends email, it should default to 587, attempting TLS and SMTP AUTH, and only fall back to 465, then 25, if that fails.
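As an added example (not from the answer's author, who names no particular MTA), here is how the policy described above maps onto a Postfix configuration: port 587 accepts mail only over TLS from SASL-authenticated clients, while port 25 relays unauthenticated only for the ISP's own address space and otherwise accepts just inbound mail for hosted domains. The customer address range and the Dovecot SASL socket path are assumed values.

```conf
# /etc/postfix/master.cf  (added example; not from the original answer)
#
# Port 25: MTA-to-MTA traffic. Inherits the main.cf policy below, so it
# accepts inbound mail for hosted domains from anyone and relays only
# for the ISP's own address space (mynetworks).
smtp       inet  n       -       -       -       -       smtpd

# Port 587: submission, MUA-to-MTA only. Require TLS before AUTH and
# reject every client that has not authenticated, whether or not the
# recipient is local.
submission inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

# A submission entry WITHOUT the two restriction overrides would inherit
# the port-25 policy below and accept unauthenticated mail for local
# recipients on 587, which is exactly what the answer warns against.

# /etc/postfix/main.cf  (relevant lines only)
#
# Assumed customer address space; 192.0.2.0/24 is an RFC 5737
# documentation range used here as a placeholder.
mynetworks = 127.0.0.0/8, 192.0.2.0/24
# Port 25: relay by IP for mynetworks; anyone else may only deliver to
# domains this server is responsible for.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
# TLS on port 25 stays opportunistic, since remote MTAs may not offer it.
smtpd_tls_security_level = may
```

Check the effective per-port settings with `postconf -P submission/inet/smtpd_client_restrictions`; a client that issues MAIL FROM on 587 before STARTTLS is answered with "530 5.7.0 Must issue a STARTTLS command first", and an unauthenticated one after STARTTLS is rejected at RCPT TO.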