Following a recent 8.0 to 8.04 upgrade I came across a similar issue, but this thread indicates the issue was resolved in 8.03. However, it looks to have been only a partial fix...
Authenticated SMTP clients are able to successfully connect and send mail on 587 (bypassing any RBLs), but not on port 25.
The suggestion from Quanah in the Bugzilla article (permit_sasl_authenticated) seems to resolve the issue, but it would be nice to see if fixed 'officially'.
The only connections to port 25 should be from clients in "my_networks". I don't see an issue here.
The 'issue' is that, for better or worse, most mail clients default to using port 25 for SMTP sending, not 587. If Zimbra is running in a hosted environment where it's unlikely that one would know all the IP addresses/ranges of one's users, this presents a support nightmare in educating potentially hundreds or thousands of users, many of whom might be using different MUAs, in changing the port from 25 to 587.
Originally Posted by quanah
That's not to mention the many other devices that might need to send mail, such as multifunction printers (which often have a 'scan from unit' facility). On several manufacturers' devices, there isn't an option to change from port 25.
Sorry, but I'm quite confused here. I just installed a ZCS7 server, and we do not allow AUTH logins on port 25 on that release either. So your complaint seems to be that something we never configured doesn't work? Or is there something further I'm missing?
zimbra@zre-ldap004:~$ zmcontrol -v
Release 7.2.4_GA_2900.UBUNTU10_64 UBUNTU10_64 NETWORK edition.
zimbra@zre-ldap004:~$ telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 zre-ldap004.eng.vmware.com ESMTP Postfix
503 5.5.1 Error: authentication not enabled