I have run postfix for a number of years on my home (xubuntu) server machine with my router firewall limiting connections on port 25 to just the range of IP addresses which are my domain hosting company's SMTP servers.
This caused me a problem recently when they started using a new SMTP server which wasn't in the ranges allowed by my firewall. I can obviously add the address of the new server but would have the same problem the next time they add a new server. Their support is pretty good but maybe asking them to tell me whenever they change things might be a bit much. Is there much risk if I open up port 25 to any IP address? I have it this way at the moment and there are only a few (as in ten or a dozen) rogue connections per day so it doesn't seem as if port 25 is really very popular for hackers and such. I obviously have things set up to prevent relaying etc. (at least I hope I have!). If I leave things the way they are with port 25 open to anyone are there any other precautions I can take or regular things to check? Is there even some sort of utility like fail2ban that works with postfix (can't be exactly the same as there's no password involved). -- Chris Green
