Re: Connectivity Issues for a ODMR Server

[Randall Gellens <randy@xxxxxxxxxxxx>]

At 1:13 AM -0400 8/23/99, Robert A. Rosenberg wrote:

> In particular is the blocking of access to the SMTP Port (so a user 
> can not send EMAIL) when the user is currently attempting to 
> establish the connection from a location that is not on the ISP's 
> WAN (ie: not from a Dial-Up Gateway port or a Direct Connection to 
> the ISP's Network).

Yes, this has become common practice.  But there are much better 
methods, such as SMTP AUTH (especially when used with the Submission 
port -- see RFC 2476 and RFC 2554).

> I see no reason why the ODMR process should be more restrictive than 
> the POP Process

Additional restrictions on access to the ODMR port is not required or 
strongly suggested by the RFC, but it is mentioned.  There are good 
reasons for restricting ODMR access more than POP or SMTP.

(1) POP and SMTP are often used by roaming users.  ODMR is more 
likely to be used by stationary servers.

(2) The risk from compromised POP access is the current spool file 
for one user.  The risk from compromised SMTP access is spam.  The 
risk from compromised ODMR access is all queued mail for one or more 
domains.  Absent specific information, it is reasonable to put a 
higher ranking to the ODMR threat than POP or SMTP.

The combination of greater (assumed) value and little or no need for 
roaming access makes it very reasonable to place additional 
restrictions on access to the ODMR port.