[Mailman-Developers] Mailman and Submission port

Patrick Ben Koetter p at state-of-mind.de
Sun Nov 29 10:30:15 CET 2009


MM developers,

I'd like to propose a change in MM3's default SMTP client port from port 25
(transport) to port 587 (submission).

Why? From my point of view, mailman is rather a mail component that introduces
messages into a mail system than one that sits between MTAs and assists in
transporting messages that pass by.

RFC 4409 <http://www.rfc-editor.org/rfc/rfc4409.txt> explicitly defines a
submission port (587) for mail systems whose purpose is to accept messages from
MUAs:

   However, SMTP is now also widely used as a message *submission*
   protocol, that is, a means for Message User Agents (MUAs) to
   introduce new messages into the MTA routing network.  The process
   that accepts message submissions from MUAs is termed a Message
   Submission Agent (MSA).


Apart from doing 'the right thing' what would be the benefit?

The RFC gives some ideas in a later section:

   (...) Even when submitted messages are complete, local site policy may
   dictate that the message text be examined or modified in some way, e.g., to
   conceal local name or address spaces.  Such completions or modifications
   have been shown to cause harm when performed by downstream MTAs -- that is,
   MTAs after the first-hop submission MTA -- and are in general considered to
   be outside the province of standardized MTA functionality.

From my daily work with mailman the following "modified in some way"-tasks
come to my mind immediately:

- apply client and content policy that differs from the port 25 anti-spam
  policy
- add DKIM signatures because it is clear mailman messages are ORIGINATING
  from our network


What would we have to do to make port 587 the default port? In section 4 the
RFC says an MSA MUST do all of the following:

1. General Submission Rejection Code
2. Ensure All Domains Are Fully-Qualified
3. Require Authentication

To cut it short: 1. and 2. are trivial (at least in Postfix, and I don't know
the other MTAs well enough to tell for them too). 3. requires adding SMTP AUTH
functionality to Mailman's SMTP client.


How should we implement SMTP AUTH in the MM SMTP client?

I propose that, for a start, plaintext (PLAIN, LOGIN) and shared-secret mechanisms
(CRAM-MD5, DIGEST-MD5) should be added to the SMTP client. Those are the ones
used most widely in everyday SMTP AUTH.

Later implementations could add GSSAPI and EXTERNAL. If plaintext mechanisms
are added we should also consider adding STARTTLS functionality to MM's SMTP
client to shield credentials while they are sent in a plaintext authentication
session.


p at rick

-- 
state of mind
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563
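
Added example, not part of the original message and not Mailman code: a sketch of a submission client on port 587 that applies the policy the message argues for, using Python's standard smtplib. The function names, the host and the credentials are assumptions; PLAIN and LOGIN are allowed only after STARTTLS, and CRAM-MD5 is the only shared-secret mechanism smtplib implements.

```python
import smtplib
import ssl

# Mechanisms named in the proposal that smtplib implements (it has no DIGEST-MD5).
SHARED_SECRET = ("CRAM-MD5",)     # secret is never sent, only an HMAC of a challenge
PLAINTEXT = ("PLAIN", "LOGIN")    # password is only base64-encoded on the wire


def choose_mechanism(auth_feature, tls_active):
    """Pick one SASL mechanism from the server's AUTH keyword, or None.

    auth_feature is the mechanism list as smtplib stores it in
    esmtp_features["auth"], e.g. " PLAIN LOGIN CRAM-MD5".
    """
    offered = set(auth_feature.upper().split())
    allowed = SHARED_SECRET + (PLAINTEXT if tls_active else ())
    for mech in allowed:
        if mech in offered:
            return mech
    return None


def submit(host, user, secret, sender, rcpts, message, port=587):
    """Submit one message to an MSA. host, user and secret are placeholders."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        tls_active = smtp.has_extn("starttls")
        if tls_active:
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # the server may advertise different AUTH mechanisms now
        mech = choose_mechanism(smtp.esmtp_features.get("auth", ""), tls_active)
        if mech is None:
            raise smtplib.SMTPNotSupportedError("no acceptable AUTH mechanism")
        # Call auth() with exactly one mechanism: login() tries each mechanism
        # it supports in turn, which could reach PLAIN/LOGIN without TLS.
        smtp.user, smtp.password = user, secret
        smtp.auth(mech, getattr(smtp, "auth_" + mech.lower().replace("-", "_")))
        return smtp.sendmail(sender, rcpts, message)
```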


