[pfx] Re: Open relay clarification

2023-04-22 Thread Tyler Montney via Postfix-users
> It was common practice to allow your (from the ISP PoV) clients to submit > mail via SMTP, through port 25 on your mailserver. Some ISPs still do this. > The client authentication here is done via client IP address, no further > checks. > > Next, enciphered and authenticated mail submission beca

[pfx] Re: Open relay clarification

2023-04-19 Thread Matus UHLAR - fantomas via Postfix-users
On 17.04.23 13:38, Tyler Montney via Postfix-users wrote: Before getting started, this has been publicly disclosed by someone else a while ago. However, I still don't think it's necessary to name the organization to explain myself. My goal here is not only to give a proper argument to the provide

[pfx] Re: Open relay clarification

2023-04-18 Thread Jaroslaw Rafa via Postfix-users
On 18.04.2023 at 12:11:06, Tyler Montney via Postfix-users wrote: > > - mail for all local domains coming in on port 25 should be accepted (of > > course considering all usual restrictions - the recipient exists, the > > sending IP is not on a blacklist etc.) > > > > - mail for all non-local

[pfx] Re: Open relay clarification

2023-04-18 Thread Tyler Montney via Postfix-users
> By "local", I mean here the domains for which that particular server is the > final destination, i.e. the mail delivered locally and the server "knows" > what to do with it. I can't find anything more on what *local* is per the RFC, just that it must be defined. Based on that, I guess any argumen

[pfx] Re: Open relay clarification

2023-04-18 Thread Jaroslaw Rafa via Postfix-users
On 17.04.2023 at 19:59:48, Tyler Montney via Postfix-users wrote: > And that's a definition I've been struggling with: What is *local* in > relation to SMTP? By "local", I mean here the domains for which that particular server is the final destination, i.e. the mail delivered locally and the

[pfx] Re: Open relay clarification

2023-04-17 Thread Tyler Montney via Postfix-users
> One important information is missing here: on what port? Good catch. Port 25. > There should be no authentication on port 25 and all mail destined for local > domains should be accepted. > > There should be mandatory authentication on ports 465/587. > > As both acme.com and corley.com

[pfx] Re: Open relay clarification

2023-04-17 Thread Jaroslaw Rafa via Postfix-users
On 17.04.2023 at 14:49:11, Noel Jones via Postfix-users wrote: > Please keep replies on list. > > On 4/17/2023 2:16 PM, Tyler Montney wrote: > >I'll put it this way, since I'm struggling to word this: > > > >Provider A contains the following customers: > >Acme Corporation (acme.com

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
On 4/17/2023 3:59 PM, Tyler Montney via Postfix-users wrote: That is the purpose of this discussion, to determine what exactly this scenario presents. As stated above, Provider A is aware and believes it's acceptable. It is acceptable because their documentation has features which rely on it.

[pfx] Re: Open relay clarification

2023-04-17 Thread Tyler Montney via Postfix-users
> Please keep replies on list. >You've explained what's observable, but not why it's a problem. > Any random server on the internet can send to b...@corley.com without > authentication. The original sender may or may not authenticate to > *their* mail server, corley.com cannot control that. So corl

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
Please keep replies on list. On 4/17/2023 2:16 PM, Tyler Montney wrote: I'll put it this way, since I'm struggling to word this: Provider A contains the following customers: Acme Corporation (acme.com) Corley Motors (corley.com) Provider B contains the fol

[pfx] Re: Open relay clarification

2023-04-17 Thread Noel Jones via Postfix-users
On 4/17/2023 1:38 PM, Tyler Montney via Postfix-users wrote: I use a mail provider (Provider A) which has thousands of organizations. This provider allows unauthenticated SMTP to other organizations so long as they're using them as a provider (within their ecosystem). Of course, you cannot se