On Wed, May 28, 2008 at 1:42 PM, Drew Lehman <dlehman at digitatech dot com> wrote:
> I have an issue with a remote user. I have blocked all outside addresses from
> SMTP except a spam filtering server to avoid "drive-by-spam". This has
> worked great except one of the owners uses a Windows Mobile device to
> retrieve and send mail. The retrieval works great, but Verizon has a huge
> range of addresses that are not contiguous. I have been able to map out
> ranges as she gets blocked, but this is time consuming and frustrating for
> the client. Verizon cannot give me a list of ranges (I'm not sure if any
> one person knows them), but can tell me that they all resolve to
> *.myvzw.com. So far I have not been able to allow access based on the host
> name. Any suggestion? I would love to roll these out to more clients, but
> this is going to be a common issue as many clients have seen me use my phone
> for my office email and love the idea.
>
m0n0wall can't filter on DNS.
There aren't *that* many blocks the phones will end up on. I have a
similar setup at one location and have maybe a handful of CIDR blocks
to cover both AT&T and VZW Windows Mobile users. Look up the IPs the
phones are coming from on ARIN and you'll find the CIDR blocks; you
shouldn't need any more than 2-3 of them. It's subject to change, but
I've been running that way for about 2 years and haven't had to change
anything.
Another alternative is to add another port forward for SMTP using a
different port, open that to the entire Internet, and let the phones
use that.
-Chris
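As an added example (not part of the original thread): once the CIDR blocks have been looked up on ARIN, a short script can merge them and show which observed SMTP source addresses the allow list still misses, so the next lookup targets only those. All addresses below are constructed from the reserved documentation ranges and are assumptions, not real carrier blocks.

```python
import ipaddress

# Constructed sample data: allow-list blocks as entered in the firewall rule,
# and source IPs seen connecting to TCP/25 (copied by hand from the filter log).
ALLOWED_BLOCKS = ["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25"]
OBSERVED_SMTP_SOURCES = [
    "198.51.100.17", "203.0.113.200", "192.0.2.45", "192.0.2.77", "192.0.2.45",
]


def normalize_allowlist(blocks):
    """Parse CIDR strings strictly (host bits must be zero) and merge
    adjacent or overlapping blocks into the smallest equivalent list."""
    nets = [ipaddress.ip_network(b, strict=True) for b in blocks]
    return list(ipaddress.collapse_addresses(nets))


def uncovered_sources(sources, allowlist):
    """Return the sorted, de-duplicated source IPs that no block contains.
    These are the addresses still worth looking up on ARIN."""
    missing = set()
    for src in sources:
        ip = ipaddress.ip_address(src)
        if not any(ip in net for net in allowlist):
            missing.add(ip)
    return sorted(missing)


def allowed_address_count(allowlist):
    """Total number of addresses the allow list exposes SMTP to."""
    return sum(net.num_addresses for net in allowlist)


if __name__ == "__main__":
    allow = normalize_allowlist(ALLOWED_BLOCKS)
    print("Merged allow list:", ", ".join(str(n) for n in allow))
    print("Addresses allowed to reach SMTP:", allowed_address_count(allow))
    for ip in uncovered_sources(OBSERVED_SMTP_SOURCES, allow):
        print("Not covered, look up on ARIN:", ip)
```

The address count is a quick way to see how much of the Internet the SMTP rule is open to as blocks are added.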