Due to PCI-DSS, we are required to disable plaintext authentication. We've achieved this by encapsulating communications between our mail server and clients with TLS on port 465.
The problem lies in that port 25 must remain open and unencrypted for us to receive email from the internet, but should not allow authentication.
I've tried disabling the AUTH command, but that breaks authentication on port 465, too.
Is there a mail server or proxy that will allow separate configuration for port 25 and 465, such that authentication is only available over a secure channel?
Also noteworthy: we are using MailEnable with stunnel in FIPS mode.
Update:
MailEnable supplied a patched SMTP executable that allowed me to configure via Windows' registry whether authorization is offered on each listening port. This solved my problem—hopefully, they will publish the patch as a hotfix.
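A quick way to confirm the end state described in the question (AUTH offered on the TLS-wrapped port 465, never on the plaintext MX port 25), as an added example that is not part of the original post and not MailEnable's or stunnel's own tooling. The EHLO banners are constructed samples; `mail.example.test` and the ports are assumed values, and `live_ehlo` is only meant to be pointed at your own server.

```python
"""Verify that SMTP AUTH is advertised only over TLS.

Added example, not from the original question or from MailEnable/stunnel.
The host name and the EHLO banners below are assumed/constructed.
"""
import re
import smtplib
import ssl

# Constructed EHLO responses, shaped like a real server's reply to EHLO.
# Plaintext port 25, misconfigured: still advertises AUTH.
EHLO_PORT25_BAD = (
    "250-mail.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 HELP"
)
# Plaintext port 25 as wanted: accepts inbound mail, offers no authentication.
EHLO_PORT25_GOOD = (
    "250-mail.example.test\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP"
)
# TLS-wrapped port 465 (behind stunnel): AUTH must be offered here.
EHLO_PORT465_GOOD = (
    "250-mail.example.test\r\n"
    "250-AUTH LOGIN PLAIN CRAM-MD5\r\n"
    "250-AUTH=LOGIN\r\n"  # legacy "AUTH=" spelling some old clients look for
    "250 OK"
)

# Matches "AUTH LOGIN PLAIN" or "AUTH=LOGIN", with or without the 250 prefix.
_AUTH_LINE = re.compile(r"^(?:250[- ])?AUTH(?:=|\s+)(.*)$", re.IGNORECASE)


def auth_mechanisms(ehlo_text: str) -> set:
    """Return the set of SASL mechanisms advertised in an EHLO response."""
    mechs = set()
    for line in ehlo_text.splitlines():
        m = _AUTH_LINE.match(line.strip())
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


def evaluate_port(port: int, encrypted: bool, ehlo_text: str) -> dict:
    """Apply the policy: AUTH over TLS only, never on the plaintext MX port."""
    mechs = auth_mechanisms(ehlo_text)
    if encrypted:
        ok = bool(mechs)
        reason = ("AUTH offered over TLS" if ok
                  else "no AUTH on the TLS port: clients cannot log in")
    else:
        ok = not mechs
        reason = ("no AUTH on plaintext port" if ok
                  else f"plaintext port advertises AUTH: {sorted(mechs)}")
    return {"port": port, "encrypted": encrypted,
            "mechanisms": sorted(mechs), "compliant": ok, "reason": reason}


def live_ehlo(host: str, port: int, encrypted: bool, timeout: float = 10.0) -> str:
    """Fetch the real EHLO text from your own server (not used offline)."""
    if encrypted:
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout,
                                context=ssl.create_default_context())
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
    try:
        code, msg = conn.ehlo("audit.example.test")  # assumed client name
        if code != 250:
            raise RuntimeError(f"EHLO on port {port} failed with {code}")
        # smtplib strips the "250-" prefixes; the parser accepts both forms.
        return msg.decode(errors="replace")
    finally:
        conn.quit()


if __name__ == "__main__":
    for port, enc, banner in [(25, False, EHLO_PORT25_BAD),
                              (25, False, EHLO_PORT25_GOOD),
                              (465, True, EHLO_PORT465_GOOD)]:
        print(evaluate_port(port, enc, banner))
```

Against a real server, run `evaluate_port(25, False, live_ehlo(host, 25, False))` and `evaluate_port(465, True, live_ehlo(host, 465, True))`. Note that an EHLO banner only shows what is advertised; after changing the per-port setting, also confirm that the plaintext listener answers the AUTH verb with a 5xx error rather than accepting it silently.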