Hi again guys!
I suffred another setback today when a customer asked if they can use smtp/pop3 email access without logging on to the hotspot system.
smtp relay on port 25 seems to be simple enough following the documentation. port 465 /995 for SSL mail access is something different.
Any idea that might help will be much appreciated. (it will save a few days of scratching my head 
)
Robert S.
Are you really sure you want to open port 25 for just anybody who walks by?
I have not done so, and probablly never will. But me and my big mouth suggested to some of our customers to use Gmail as it has both html and pop3 access. A lot of our customers are using yahoo mail, and although I placed yahoo.com on the walled garden they still have to login when they attempt to send an attachment.
Now that they are using gmail and started configuring the pop3 programs to download gmail directlly, MT blocks the SSL SMTP/POP3 ports, back to square “1”, which means login first before upload/download mails. 
Waiting for possible solution…
Robert S.
The hotspot-temp rules in the firewall define what’s allowed by unauthenticated users, so whether it’s port 25 or any other port, adding an accept rule to that ruleset should be enough to let users through without logging in. You might consider limiting the bandwidth or the rate of SYN packets through those special rules just to limit the possible damage that could be done by unauthenticated users.
I placed 2 rules on dst-nat to accept traffic on dst-port 465 and 995 respectivelly. It works great, but i still have to test for a few days..
Robert S.