However, I'm not convinced blocking port 25 on dialups helps much with that. What it does help with is preventing them from connecting to open relays.
We don't stop our dial customers from getting *to* anything. What we do have though are (optional) *inbound* filters that make sure no-one can connect to their privileged ports over TCP/IP, and a mandatory filter that says only our network can deliver to their SMTP service. We don't get problems with open-relays on dialups. We didn't have any problems with MS-Blaster on dialups either... I'm considering adding privileged port filters for UDP/IP too, although again it would be optional so that customers who run their own UDP/IP services can get their responses (i.e. cacheing DNS, IKE, NTP, etc). Ray