We currently have a split domain setup, with Zimbra as a secondary server. We also currently do high-level antispam/virus at the edge, so there's no outside access at port 25.
Internally, we allow users to have access to SMTP and they can relay outside the domain if authed. Of course, since it's a split domain setup, Zimbra accepts emails for ANY email address at the domain without the need to authenticate.
What we would like to do is to allow them SMTP access from the outside world but only if authenticated, while preventing spam/spoofs.
This should be easier to do with SSL, forcing that connection to perform auth regardless, while leaving port 25 as is (and firewalling it). Otherwise, if port 25 is forced to do authentication (TLS), then the edge MTAs would have to do this as well, right?
TIA and let me know if it's confusing and I'll try to clarify this...