Home page logo

nanog logo nanog mailing list archives

RE: ORBS (Re: Scanning)
From: Mitch Halmu <mitch () netside net>
Date: Mon, 28 May 2001 03:11:34 -0400 (EDT)

On Sun, 27 May 2001, Derek Balling wrote:

Well, you MUST (RFC2505, 2.1) prevent unauthorized use of your mail 
server as a mail relay.

So if your question is "since my local users don't have to 
authenticate themselves against my mail server, is there a rule that 
says I can't offer unauthenticated SMTP service to roaming users", I 
guess the answer is "yes, there IS actually a rule forbidding that."


Derek, there is a subtle difference between the words you SHOULD and
you MUST. The RFC you quoted is a "Best Current Practices" document.
You know, like "The Surgeon General had determined that [insert your
favorite vice here] is bad for your health". i.e, he can't order you
MUST stop smoking, maybe you SHOULD consider it because yadayada.

Now let's go back to 1997 and see how this baby was born. In Sep 1997,
on this very list, Paul Vixie was known to have laid the seed:

`Could somebody who hasn't been burned to a crisp by IETF politics please
write a "Mail Relay Requirements" RFC that we can brandish at these vendors?
(Dave Crocker seems like a logical choice for this given his past credits.)'

Full text of the message at http://www.dotcomeon.com/relay_default.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]