[adeelarifbhatti]

Klug,
getting authentication over port 25 is not a good idea coz of plain text passwords travel across the network.
TLS can be an good idea, but what if the 25 traffic is to come on spam firewall.
Users will get authenticate over SSL port i.e. 465 or may be 587, and will deliver the mail, this will make them bypass the spam firewall.
This is I guess, the best flow of traffic, I will appreciate if some other is shared if considered to be more appropriate then the above.


Regards
Adeel