> > What stops your customers from submitting to port 25 on your port 25 > machines, when they're out roaming (ie. not on an IP address from which > you have blocked port 25 traffic)? > > That's part of what I was saying. Simply segregating which IPs are > blocked for port 25 isn't going to help. You either have to restrict > roaming (bad) or you have to accept that they might connect to you on > port 25 when they're roaming. > > IMO, SMTP-AUTH is a better arbiter of "is my user or isn't my user" than > what port they used or what IP address they are or aren't on. > Segregating by IP is pretty useless, except in whitelisting the machines > you directly manage. And I certainly don't use it as a part of virus > control. >
John What stops them from submitting on port 25 is admin-ing it so that "no smtp auth" is available on port 25 And, isn't port 465 designated for ssl and smtp auth ? - rh
