I am planning to close off port 25 in the near future for incoming connections except from my anti-spam gateway that will be setting in front of my cpanel server. I am though concerned that some users might still be using port 25 versus 587 or 465 for smtp. The only smtp authentication i am seeing in the exim_mainlog is failed connections and standard non authenticated connections. Am a missing something? Any suggestions for tracking what ports are being used for smtp auth and from what email accounts/domains?