Re: Connectivity Issues for a ODMR Server

At 1:13 AM -0400 8/23/99, Robert A. Rosenberg wrote:

> In particular is the blocking of access to the SMTP Port (so a user cannot send EMAIL) when the user is currently attempting to establish the connection from a location that is not on the ISP's WAN (i.e., not from a Dial-Up Gateway port or a Direct Connection to the ISP's Network).

Yes, this has become common practice. But there are much better methods, such as SMTP AUTH (especially when used with the Submission port -- see RFC 2476 and RFC 2554).

> I see no reason why the ODMR process should be more restrictive than the POP Process

Additional restrictions on access to the ODMR port are not required or strongly suggested by the RFC, but they are mentioned. There are good reasons for restricting ODMR access more than POP or SMTP.

(1) POP and SMTP are often used by roaming users. ODMR is more likely to be used by stationary servers.

(2) The risk from compromised POP access is the current spool file for one user. The risk from compromised SMTP access is spam. The risk from compromised ODMR access is all queued mail for one or more domains. Absent specific information, it is reasonable to put a higher ranking to the ODMR threat than POP or SMTP.

The combination of greater (assumed) value and little or no need for roaming access makes it very reasonable to place additional restrictions on access to the ODMR port.