Geo-blocking ports 25 and 465

Good morning,

On servers I run, I typically geo-block connections from foreign countries. I find this cuts out the vast majority of hacking attempts, and there is really no situation in which these connections will be legitimate. In just the past couple weeks since I started running Axigen, I’ve had 15,741 attempts from 31 IP addresses to log in as 651 users that don’t exist on my system. Not a single one of these IPs (Lithuania, South Korea, Turkey) would have been allowed if I enabled my usual geo-blocking.

I have not done geo-blocking for port 25 or 465 because I’m concerned that, for example, Gmail or Office 365 SMTP may sometimes run through a foreign datacenter and block legitimate access.

Does anyone know if that is the case? Or is it fine to geo-block SMTP?

Hello Karl,

Could you please confirm how exactly you are intending to geo-block SMTP connections (for example only on port 465)?

If I were in your shoes and wanted to geo-block the SMTP connections, I would:
1/ deactivate authentication on port 25
2/ do not allow non-authenticated sessions on port 465
3/ geo-block connections on port 465 (see above)

HTH,
Ioan

This would be done in the firewall, so no need to adjust settings on Axigen for it. I already do this for the webmail on port 80 and 443, so only IP addresses in the United States can connect on those ports.

I’m just mainly concerned about cloud based services that may use SMTP servers abroad being unable to send email to our domain even though the incoming message itself is domestic.

Excellent. Then geo-blocking 465 and disabling authentication on port 25 is the way to go.

Good luck!
Ioan
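
The firewall half of the split discussed in this thread (port 25 left open to every source for server-to-server delivery, port 465 reachable only from allowed prefixes), as an added example that is not part of the original thread. It assumes nftables with an existing `inet filter` table and `input` chain; the set name `geo_allow4` and the prefixes are constructed placeholders, and the authentication settings for each port are still configured in the mail server itself.

```python
import ipaddress

# Constructed sample: stand-ins for the allowed country's prefixes
# (documentation ranges, not real geo-IP data).
ALLOWED_CIDRS = ["198.51.100.0/24", "203.0.113.0/25"]

SUBMISSION_PORT = 465   # authenticated sessions only, geo-restricted
MX_PORT = 25            # inbound delivery from other mail servers, never geo-filtered


def decide(src_ip, dport, allowed=ALLOWED_CIDRS):
    """Return 'accept' or 'drop' for a new inbound connection to port 25 or 465."""
    addr = ipaddress.ip_address(src_ip)
    if dport == MX_PORT:
        return "accept"  # remote MTAs (any country) must be able to deliver
    if dport == SUBMISSION_PORT:
        nets = (ipaddress.ip_network(c) for c in allowed)
        # An IPv6 source never matches an IPv4 prefix, so it is dropped.
        return "accept" if any(addr in n for n in nets) else "drop"
    raise ValueError(f"port {dport} is outside this policy")


def render_nft(allowed=ALLOWED_CIDRS, table="inet filter", chain="input"):
    """Render nft commands for the same policy (table and chain names assumed)."""
    # Parsing validates every prefix before it reaches the firewall.
    nets = sorted(ipaddress.ip_network(c) for c in allowed)
    elems = ", ".join(str(n) for n in nets)
    return "\n".join([
        f"add set {table} geo_allow4 {{ type ipv4_addr; flags interval; }}",
        f"add element {table} geo_allow4 {{ {elems} }}",
        f"add rule {table} {chain} tcp dport {MX_PORT} accept",
        f"add rule {table} {chain} tcp dport {SUBMISSION_PORT} ip saddr @geo_allow4 accept",
        f"add rule {table} {chain} tcp dport {SUBMISSION_PORT} drop",
    ])


if __name__ == "__main__":
    # Constructed test connections: (source address, destination port)
    for ip, port in [("198.51.100.7", 465), ("192.0.2.9", 465), ("192.0.2.9", 25)]:
        print(ip, port, decide(ip, port))
    print(render_nft())
```

Running `decide` over a sample of real source addresses before loading the rendered rules shows which clients would lose access to port 465.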