Suspicious ssh/sftp login attempts

Most of the recent vulnerabilities around mail have been Exchange via OWA and ECP on port 443 rather than 25. Most residential ISP blocks have port 25 outgoing blocked. Patching Exchange has been a nightmare for many organisations. It was one reason O365 saw such a huge take-up. For myself, as well as being fully patched, all my email goes through the Proxmox mail gateway service first (with appropriate filters and blacklists set up) and then on to Exchange. It is actually quite surprising how many end-of-life Exchange systems (like 2007) are still online. Those things literally cannot be patched.

I think that is mostly a US thing. I know from experience that my ISP doesn’t block it. I tried setting up a mail server a while back, but kind of had to give up on it since mail from residential IPs is always ending up in spam boxes anyway. So it was basically useless. However, it didn’t stop spammers from giving it a go. In the logs I saw more failed login attempts for SMTP than for SSH. Of course I used very strong passwords and fail2ban. But the torrent of attempts never slowed down. Too many IPs to try from I guess. In the end I just shut it down and closed the ports as it wasn’t of any use to me anyway.

But yeah, Exchange servers have indeed been a big problem recently. It’s a bit more of a sophisticated attack on those though. They actually abuse exploits, while the SMTP attacks are nothing more than just login attempts with common credentials.

You can get around the problem using services like smtp2go. They also help a lot with things like SPF and DKIM to improve email deliverability. SMTP2GO allows you to send the email via them on other ports besides 25, so using 2525 or 587 isn’t a problem. I was playing with a free account today to help out a client who has problems with emails from their scanner not going through O365, and my Exchange is also set to route outgoing mail via them.

2 Likes

I did set up SPF and DKIM, but it didn’t seem to help. I’ll give smtp2go a look, thanks!

Unfortunately, your issue was more than likely that while the DKIM and SPF validation was acceptable, the rDNS hostname and the hostname your mail server would identify itself as wouldn’t match. I know Outlook/Microsoft domains get really picky if the IP rDNS hostname doesn’t match the hostname that the mail server identifies itself as and typically will just drop the message instead of even putting it into spam. smtp2go would be a relay so it should be fine.

The other problem being that residential IP blocks are often on blacklists, even if port 25 itself is open.

https://www.spamhaus.org/news/article/711/the-spamhaus-policy-block-list-now-covers-one-billion-ip-addresses

1 Like
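To make the rDNS/HELO mismatch described above concrete, here is an added example (mine, not the post author's): it runs the forward-confirmed rDNS and HELO-consistency check that a receiving mail server applies before accepting a connection. The function name `check_helo_consistency`, the injectable resolver parameters and the 203.0.113.x records are constructed assumptions so the check can be run offline against sample data; with the default resolvers it queries real DNS.

```python
import socket
from typing import Callable, Dict, List

# Resolver types: a PTR lookup returns the reverse name for an IP, a forward
# lookup returns the addresses a hostname resolves to ([] if none).
PtrLookup = Callable[[str], str]
ALookup = Callable[[str], List[str]]

def system_ptr(ip: str) -> str:
    """PTR lookup through the OS resolver; '' when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except (socket.herror, socket.gaierror):
        return ""

def system_a(name: str) -> List[str]:
    """Forward (A/AAAA) lookup through the OS resolver; [] when unresolvable."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def check_helo_consistency(ip: str, helo: str,
                           ptr: PtrLookup = system_ptr,
                           a: ALookup = system_a) -> Dict[str, object]:
    """Report what a receiving MTA's sanity checks would trip on.

    ok is True only when the PTR name resolves back to the same IP
    (forward-confirmed rDNS) and matches the HELO/EHLO name, which itself
    resolves to the sending IP.
    """
    helo = helo.rstrip(".").lower()
    rdns = ptr(ip)
    problems: List[str] = []
    if not rdns:
        problems.append("no PTR record for sending IP")
    elif ip not in a(rdns):
        problems.append(f"PTR name {rdns} does not resolve back to {ip}")
    if rdns and rdns != helo:
        problems.append(f"HELO {helo} differs from rDNS name {rdns}")
    if ip not in a(helo):
        problems.append(f"HELO {helo} does not resolve to {ip}")
    return {"ip": ip, "helo": helo, "rdns": rdns,
            "ok": not problems, "problems": problems}

# Constructed DNS data (hypothetical, documentation-range addresses) so the
# example runs offline: a properly set up relay and a generic ISP CPE address.
FAKE_PTR = {"203.0.113.10": "mail.example.net",
            "203.0.113.20": "cpe-203-0-113-20.isp.example"}
FAKE_A = {"mail.example.net": ["203.0.113.10"],
          "cpe-203-0-113-20.isp.example": ["203.0.113.20"]}
fake_ptr: PtrLookup = lambda ip: FAKE_PTR.get(ip, "")
fake_a: ALookup = lambda name: FAKE_A.get(name, [])

if __name__ == "__main__":
    # A home server announcing its own domain from an ISP address fails twice.
    print(check_helo_consistency("203.0.113.20", "mail.mydomain.example",
                                 fake_ptr, fake_a))
```

Running it against your own public IP with the default resolvers (`check_helo_consistency(my_ip, my_helo)`) shows the same mismatch a picky receiver sees, without needing a test message to bounce.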