>> AUTH on port 25 is on your list of expected features?
> My goal while sysadmin in the university department was that Thunderbird
> at home on Cox cable worked without logging into the university VPN.
If you try that in 2018, I'd expect your residential ISP to block your
SYN packets. I think of AUTH as something that you normally offer (and
require) on 587, which you may or may not have open to the outside world.
> Was that particular exposure unnecessary?
No, if you had 587 open to the world, I don't think offering AUTH
on 25 would incur any additional risk for you. I don't have 587
open, so for me AUTH on 25 might incur some small additional risk.
> Content-Disposition: inline; filename=mailtesting-probe.log
Thanks. Nothing obvious jumps out at me, but here are 3 things I
don't understand: (1) HTTP activity starts several minutes before
message timestamp; (2) When the user agent mentions Googlebot, some
text that seems to belong in the referrer field is inside the user
agent field; (3) Two of the three Googlebot entries are from Google
IP space, but the other one seems to be from Amazon EC2 IP space.
I don't normally look at web server logs; these things might be
obvious to someone who does.