I like where Sancho is going, good on you! Repel those old school best practice junkies that make people ignore IT people!
If you read about the studies on security incidents, 80% are caused by internal staff and this really needs to be kept in mind when exploring this topic. Risk management philosophies will suggest you cannot prevent all risks, so you have to focus on the most common ones or, more specifically, the ones that put you at highest risk.
Translated then, with respect to password security, the focus must be for us to create and install password standards strong enough to keep passwords from being guessed or quickly brute forced, but simple enough to keep people from writing them down.
We need to install password controls for our users which protect people from themselves but balance humanity's limited ability to remember things without writing them down. My suggestion is:
1. 7 characters or longer to infinity (keeping in mind some systems limit this). A password that is mandated too long will ensure people struggle to come up with a password and if they struggle to think of a password. Phrases should be encouraged.
2. require "strong" passwords defined by me as requiring upper/lower/symbol
3. Purchase or build systems that use pass-through authentication (or get rid of passwords and move to biometrics or some other 2-factor based solution).
4. DO NOT activate password rotation despite what the security propeller-heads and robots say at SANS etc. If you must turn it on due to audit or regulatory compliance, ensure that all your password directories for all of your systems' passwords expire at the same time for a user, so that they change their passwords in one fell swoop, again minimizing the chance that they need to write them down.
5. Allow users, and go so far as to encourage them, to use the SAME password on systems.
Why:
To improve the security of our world, you must take into account humanity, or at least consider what 90% (or at least 50%) of the world is capable of technically or from an environment perspective.
Let's face it, most of the people outside of IT see the endless pile of access accounts and passwords as job creation for the rest of us. The remaining people have no knowledge at all as to the risk that they are creating for themselves, us or their employers. The knee-jerk reaction from the typical IT person is that we need to protect people from themselves for their own good and I agree - somewhat!
What IT professionals need to realize is that our users cannot relate to zombies that steal passwords and have no capacity to remember the myriad of usernames and password combinations we submit them to.
We need to disregard old school theories around security that suggest all password "best practices" need to be turned on and set to the max. All we do is ensure that people, including many of us reading these articles, will be compelled to write them down.
Finally, we must educate our less technical people around us that there are real risks out there but also spend time to show them how they can fall victim to the risks and explain what they can do with simple behaviour to save their skin.