Re: Connectivity Issues for a ODMR Server
At 1:13 AM -0400 8/23/99, Robert A. Rosenberg wrote:
> In particular is the blocking of access to the SMTP Port (so a user
> can not send EMAIL) when the user is currently attempting to
> establish the connection from a location that is not on the ISP's
> WAN (ie: not from a Dial-Up Gateway port or a Direct Connection to
> the ISP's Network).

Yes, this has become common practice. But there are much better
methods, such as SMTP AUTH (especially when used with the Submission
port -- see RFC 2476 and RFC 2554).

> I see no reason why the ODMR process should be more restrictive than
> the POP Process

Additional restrictions on access to the ODMR port are not required or
strongly suggested by the RFC, but they are mentioned. There are good
reasons for restricting ODMR access more than POP or SMTP.

(1) POP and SMTP are often used by roaming users. ODMR is more
likely to be used by stationary servers.

(2) The risk from compromised POP access is the current spool file
for one user. The risk from compromised SMTP access is spam. The
risk from compromised ODMR access is all queued mail for one or more
domains. Absent specific information, it is reasonable to put a
higher ranking to the ODMR threat than POP or SMTP.

The combination of greater (assumed) value and little or no need for
roaming access makes it very reasonable to place additional
restrictions on access to the ODMR port.