On Fri, 13 Aug 2010 11:46:53 +0700 Makara <chanmak...@gmail.com> wrote:
> Puthick, no authentication require for sending mail out because of > users knowledge limitation. We would like to solve the problem without > implement smtp authentication. use one of the pop-before-smtp packages. It's admittedly a kludge, but it worked "well enough" most of the time before SMTP Auth was available. Add SMTP auth as well, if users have problems sending then set them to SMTP Auth on a case-by-case basis. New customers you can have set up for SMTP Auth by default. These days, it is not hard to enable auth on clients. It's usually a check box, "My server requires authentication" and it should be easy to put together a web page explaining this to your users. SpamAssassin and rate limiting are useful tools, but running an open relay is very dangerous and will eventually be discovered: most open relay blacklists don't care whether or not you are transmitting spam or not -- you will get blacklisted if your mail server is found, and it will be found. Security should be a feature you can explain to your customers as a benefit: "we do this because if we don't, your mail will be less deliverable, and we want to ensure you can send mail to your friends and family."
