Penned by Bob Beck on 20121009 10:05.42, we have:
| Gilles, I'm actually wondering - should there even be a difference?
| 
| Every practical implementation of 587 I've ever seen requires auth. Is there
| any sane reason to have "enable auth" not actually require it?  I.E. what
| I'm asking is is "enable" (without require) simply a silly knob that
| we're putting in place that nobody should use?
| 
| If you're accepting without auth, typically I find that's just done on
| port 25 - and anywhere I've deployed it that's what we've done.
| 
| Does anyone have a real use of port 587 with auth turned on but not required?

Try stupid ISPs that think that filtering port 25 is going to gain them more
business class accounts without such filtering.

Having a single port with the option to accept inbound traffic as well as
authenticated traffic seems to be a use case that could apply to port 25
as well.  Though with the existence of spamd, any sane OpenBSD mail server
is going to have a 'delivery only protected by spamd' port and an 'authenticated
only port without spamd protection'.

I personally now could live w/out the ability to specify 'enable' instead of only
having 'require' but in the past I would have found it invaluable.  I am familiar
with the phrase 'permitting admins to shoot themselves in the foot', and it indeed
seems to be in this same vein of thinking to me.

Thanks,
 
| On Tue, Oct 9, 2012 at 7:48 AM, Gilles Chehade <[email protected]> wrote:
| > On Tue, Oct 09, 2012 at 03:43:03PM +0200, Alexander Hall wrote:
| >> On 10/09/12 15:33, Gilles Chehade wrote:
| >> >Argh, you should have talked to me first ...
| >> >
| >> >Both require ssl and require auth are implemented already ... I did
| >> >not commit yet because we stabilized a release and decided to not
| >> >add new features to it unless they are critical.
| >> >
| >> >This feature should be committed in a few days
| >>
| >> well well, I got the pleasure of pretending to be a real hacker
| >> anyway... ;-)
| >>
| >
| > Actually, your diff has a nice idea regarding the enable|require part
| > which we'll incorporate in my diff, so you didn't hack for nothing :-)
| >
| > --
| > Gilles Chehade
| >
| > https://www.poolp.org                                          @poolpOrg

-- 
Todd Fries .. [email protected]

 ____________________________________________
|                                            \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com            \  1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113      \  sip:[email protected]
| "..in support of free software solutions." \  sip:[email protected]
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt
