Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!decvax!ucbvax!XX.LCS.MIT.EDU!SRA
From: SRA@XX.LCS.MIT.EDU (Rob Austein)
Newsgroups: mod.protocols.tcp-ip
Subject: SMTP, 2600, and the security of mail
Message-ID: <SRA.12243390211.BABYL@XX.LCS.MIT.EDU>
Date: Wed, 1-Oct-86 15:51:00 EDT
Article-I.D.: XX.SRA.12243390211.BABYL
Posted: Wed Oct  1 15:51:00 1986
Date-Received: Fri, 3-Oct-86 07:27:34 EDT
References: <GROSSMAN@Sierra.Stanford.EDU>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 16
Approved: tcp-ip@sri-nic.arpa


    Date: Monday, 29 September 1986  18:17-EDT
    From: Stu Grossman <GROSSMAN@Sierra.Stanford.EDU>

    You could (marginally) increase the security of SMTP traffic by having
    SMTP servers only accept connections from a 'privileged' remote socket.  

Bad idea.  Nobody has ever agreed on what a "priviledged port" is.
Berkeley has used that concept for some of their net code (I'm
thinking of LPD in particular).  It doesn't add any security when
talking to TOPS-20 or ITS, it's just a pain in the butt because I
can't let the TCP software do the local port multiplexing for me.

This whole discussion seems pretty pointless, since everybody accepts
the need for mail relays and you can't ever possibly verify what
happened on the other side of the mail relay.