Default Exit Policy
Juliusz Chroboczek
Juliusz.Chroboczek at pps.jussieu.fr
Mon May 26 18:46:09 UTC 2008
> Just as with SMTP, security [with SMTP-submit] is optional. See
> RFC 4409 for details on the protocol.
4.3. Require Authentication
The MSA MUST by default issue an error response to the MAIL command
if the session has not been authenticated using [SMTP-AUTH], unless
it has already independently established authentication or
authorization (such as being within a protected subnetwork).
In other words, SMTP-submit MUST use authentication, but the
authentication may be something as weak as deciding depending on the
IP address.
Folks, unless you are running on a network that allows unauthenticated
SMTP-auth, please allow port 587 in your exit policy.
Juliusz
More information about the tor-talk
mailing list