On Fri, 25 Feb 2005 02:30:01 EST, Jim Popovitch said:
Why not a VPN solution. If you have mail servers that your users need, chances are that you also have file servers, internal web servers. calender servers, etc.
We're talking ISPs and other "mostly open" providers, not corporate nets. Remember that a *big* part is the support nightmare of getting your 50,000 Joe Sixpack subscribers to pull down a menu and change a 25 to a 587. And you intend to make them purchase, install, and configure a VPN?
Should file/web/calender servers all open one port or internal access and a second port for authenticated external access?
Last I heard, if you have "public" and "internal" web content, Best Practices says to put then not on different ports, but *different hosts* - the public one out in your DMZ, and your internal one on your internal network.