Hi Bruce - long time no see :-)
If I understand your description of Comcast behavior correctly, I simply cannot run email server on my machine. This comes as a consequence of my belief that even if I configure my server to use port 587 for both outbound and inbound traffic, other email servers that participate in carrying email to me, would not know about my configuration.
Specifically I am not sure that I understand what means "They will BLOCK all client to MX, as well as MX to client, and client to client traffic on port 25 - no exceptions", so let me drop the from the jargon to plain English and describe by problem:
My business email (congral.com) is with Google and I want to run Smarter Mail on my domain petcms.us on my own server using Comcast static IP address. So, here is the scenario that fails:
Using Outlook and my congral.com email I send an email message to my account on SmarterMail (petcms.us). This includes the following steps:
1. Outlook sends the email to Gmail server - this is what you call client to MX I guess and this works as I am not getting any rejections from Google.
2. Gmail server sends this email to Smarter Mail - this ought to be the MX to MX and this is what I believe where the failure occurs.
3. I use Web Browser to connect to SmarterMail on petcms.us - and this (client to MX) works fine again as I can successfully send email from SmarterMail to my congral.com account.
If all this is true, my configuration should work - but it does not.
Lastly, I tried to use a service like dnsexit.com by pointing my petcms.us MX record to dnsexit.com which then redirects my email to petcms.us port 587 -- and then everything works just fine, with the caveat that I am now paying to two service providers to support my mail server and that does not bode with me.
Am I understanding my situation correctly meaning that Comcast is screwing me for no good reason?