From: Kaas Baichtal
Sent: Saturday, August 06, 2005 3:28 PM
I think the most common two instances I've seen on my mailservers
both fall
loosely into this category:
* Legitimate email being rejected due to being sent from the wrong
location. (aka the traveling mailman problem, or the roaming/home
user problem.)
1) It's been difficult to get email through to our secure mailserver from
all ISPs when users are travelling. Some of the dial up ISPs seem to grab
the email packets and make them go through their own servers instead,
regardless of how "outgoing mailserver" is set on the email client. This
results in some of their mail to 3rd parties that check SPF
getting blocked
as coming from an illegitimate IP. We've had some success getting around
this using alternate ports but when users are on the road they
are often not
highly receptive to spending lots of time on the phone screwing
around with
their mail settings to work it out.
Have you considered transitioning your users to SMTP AUTH? They would
submit mail and authenticate over port 587 whether they are at home or on
the road. I've never heard of anyone blocking that port and the setup is
trivial in most MUA's. Implementing TLS is not required, even though it is
better security. Submitting plaintext through port 587 from outside your
network is no worse than submitting plaintext through port 25 from the same
location (when that port isn't blocked).
--
Seth Goodman