The change wouldn't prohibit customers from being able to send email. If they choose to not use our outbound SMTP server (which provides relay for on-net customers, regardless of their domain name), they simply register a request to leave port 25 outbound open for them (inbound wouldn't be touched).
It does what ?? So any customer can connect to your mail server and send mail as anyone - I think I can guess the reasons why you've done that, but it looks precisely the wrong way round to me. So I guess you'll say you've got a log if anyone complains - but the fact is you're actively making a decision to participate in potential fraud - I'd get a very good lawyer to check your liability (in every country, not just the USA) if I were you. If we ran our mail server inside our company like that I know our lawyers would have our bollocks on toast...
Ok, some quick clarification.
I provide relay for *on-net* customers (customers with our IP addresses). People outside of our network have to authenticate or use web-based email.
I don't have an open SMTP relay.
Many ISP's and businesses we deal with don't allow their own mail users (that use our IP addresses) to relay through their boxes. That's, IMHO, very br0ken, but oh well. Hence, the trusted IP's.
Back to tarpitting...
So did we decide to make it into a reusable plugin, or a separate module to be used by each plugin, or is it better left to external utilities like SpamCannibal and iptables?
-- Bryan
