On Fri, Dec 01, 2017 at 01:29:21PM -0600, Noel Jones wrote: > On 12/1/2017 12:19 PM, Chris Green wrote: > > > Is there much risk if I open up port 25 to any IP address? I have it > > this way at the moment and there are only a few (as in ten or a dozen) > > rogue connections per day so it doesn't seem as if port 25 is really > > very popular for hackers and such. > > > > You'll probably get a few relay attempts per day, unlikely more than > low hundreds. You also may see some AUTH attempts, which will > always fail since you apparently don't offer AUTH. These aren't > dangerous and don't use enough CPU or bandwidth to worry about > unless you have an expensive metered connection such as a satellite > link. > No, cheap and unmetered VDSL so a few extra bytes is irrelevant.
> You can use fail2ban with postfix to scan the logs for failed relay > attempts and failed AUTH logins to block repeat offenders, but > that's not really necessary since relay and AUTH will never work for > them. > OK. > Since you're expecting connections from a specific provider, feel > free to block other countries at your firewall to cut down on the noise. > That's a point, I can at least do that to reduce unwanted connections a bit. However it does sound like I shouldn't be too worried about it. :-) Thanks everyone. -- Chris Green
