In order to prevent getting marked as spammers, we should possibly block outgoing port 25, so that users trying to send mail need to go through us (or an authenticated MTA elsewhere on port 587, which shouldn't cause spam reputation problems for us). This will increase the effectiveness of Postfix-level outgoing mail blockages, and would open up significant opportunities for our Postfix doing smart things like logging, rate-limiting, etc.

I believe at this point there's something resembling consensus this would be fine. If any maintainers object, please say so (including on this ticket, so it's easy to find the record of it). A prerequisite is probably doing some logging to identify users currently depending on outgoing port 25, and either grandfathering them or working with them to stop doing so.

We are already currently logging to syslog every time a user makes a direct port 25 connection; I object to implementing this plan insofar as I believe we should do analysis of those logs before we move directly to blocking.

Also we probably want to allow connections to outgoing-auth, since I know some users use that path for mail submission. Not sure how to do that without allowing unauth outgoing, though. :/

Fixed in r2700.
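
One way to do the log analysis discussed in this ticket before blocking, as an added example that is not code from this ticket or project. It assumes the syslog entries are netfilter LOG lines written with `--log-uid` under a hypothetical `OUT25: ` prefix, and that the outgoing-auth address and the Postfix UID are passed in as exemptions; every host, address and UID in the sample is constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: netfilter LOG lines as produced with --log-uid.
# The "OUT25: " prefix, hosts, addresses and UIDs are all made up.
SAMPLE_LOG = """\
Mar  3 10:01:12 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25 SYN UID=1042 GID=100
Mar  3 10:01:40 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40118 DPT=25 SYN UID=1042 GID=100
Mar  3 10:02:05 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=TCP SPT=40200 DPT=25 SYN UID=1042 GID=100
Mar  3 10:03:17 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.25 PROTO=TCP SPT=41001 DPT=25 SYN UID=1077 GID=100
Mar  3 10:04:02 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=41555 DPT=25 SYN UID=89 GID=89
Mar  3 10:04:30 web1 kernel: OUT25: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=41600 DPT=25 SYN
Mar  3 10:05:00 web1 sshd[311]: Accepted publickey for alice from 192.0.2.50 port 50022
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line, prefix="OUT25: "):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    _, sep, rest = line.partition(prefix)
    return dict(FIELD.findall(rest)) if sep else None

def direct_smtp_users(lines, exempt_dsts=(), exempt_uids=()):
    """Map UID -> Counter of destination IPs for direct port-25 connections.

    exempt_dsts: destinations that stay allowed (e.g. the outgoing-auth host).
    exempt_uids: local accounts that stay allowed (e.g. the MTA's own user).
    """
    usage = defaultdict(Counter)
    for line in lines:
        f = parse(line)
        if not f or f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        uid = f.get("UID", "unknown")  # LOG omits UID when no socket owner is known
        dst = f.get("DST", "unknown")
        if dst in exempt_dsts or uid in exempt_uids:
            continue
        usage[uid][dst] += 1
    return usage

if __name__ == "__main__":
    # Assumed for the sample: 192.0.2.25 is outgoing-auth, UID 89 is Postfix.
    report = direct_smtp_users(SAMPLE_LOG.splitlines(), {"192.0.2.25"}, {"89"})
    for uid, dsts in sorted(report.items(), key=lambda kv: -sum(kv[1].values())):
        print(uid, sum(dsts.values()), dict(dsts))
```

The UIDs left in the report are the accounts that would break under a block and need to be contacted or grandfathered; entries under `unknown` need a look at the raw lines.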

