On 12/1/2017 12:19 PM, Chris Green wrote: > Is there much risk if I open up port 25 to any IP address? I have it > this way at the moment and there are only a few (as in ten or a dozen) > rogue connections per day so it doesn't seem as if port 25 is really > very popular for hackers and such. >
You'll probably get a few relay attempts per day, unlikely more than low hundreds. You also may see some AUTH attempts, which will always fail since you apparently don't offer AUTH. These aren't dangerous and don't use enough CPU or bandwidth to worry about unless you have an expensive metered connection such as a satellite link. You can use fail2ban with postfix to scan the logs for failed relay attempts and failed AUTH logins to block repeat offenders, but that's not really necessary since relay and AUTH will never work for them. Since you're expecting connections from a specific provider, feel free to block other countries at your firewall to cut down on the noise. -- Noel Jones
