Stop intruder

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
User avatar
SorenR
Senior user
Senior user
Posts: 3220
Joined: 2006-08-21 15:38
Location: Denmark

Re: Stop intruder

Post by SorenR » 2019-10-08 10:11

jim.bus wrote:
2019-10-08 03:09
How come I keep hearing how ISPs block outgoing Port 25? I've been on two major ISPs in the 8 or more years I've been using hMailServer and neither one of them blocked Port 25 to me though one kept documenting they may do it but I never ran into it. Granted I now use a Static IP Address from my ISP but that has been only for about a year now.

Is this maybe a bit isolated to Europe and Australia, etc? I'm just curious.
My ISP blocked port 25 incoming :roll: when I first got my DSL connection after moving back to Denmark in 2003. I managed to get it liftet from my DSL in 2014 along with defining rDNS on my connection.

It seems my current ISP is the only one permitting rDNS on residential Broadband in Denmark so IF by any chance I should use a different ISP I believe I would have to tweak my domain details...

NB! Static IP address is a requirement !!

Eg. ClientIPaddress / FQDN = 87.51.999.999 / 87-51-999-999-static.304.dk.customer.tdc.net

DNS: acme.inc
acme.inc MX 10 87-51-999-999-static.304.dk.customer.tdc.net

hMailAdmin -> Settings -> Protocols -> SMTP [Delivery of email] : Local host name = 87-51-999-999-static.304.dk.customer.tdc.net
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: Stop intruder

Post by jim.bus » 2019-10-08 10:30

SorenR wrote:
2019-10-08 10:11
jim.bus wrote:
2019-10-08 03:09
How come I keep hearing how ISPs block outgoing Port 25? I've been on two major ISPs in the 8 or more years I've been using hMailServer and neither one of them blocked Port 25 to me though one kept documenting they may do it but I never ran into it. Granted I now use a Static IP Address from my ISP but that has been only for about a year now.

Is this maybe a bit isolated to Europe and Australia, etc? I'm just curious.
My ISP blocked port 25 incoming :roll: when I first got my DSL connection after moving back to Denmark in 2003. I managed to get it liftet from my DSL in 2014 along with defining rDNS on my connection.

It seems my current ISP is the only one permitting rDNS on residential Broadband in Denmark so IF by any chance I should use a different ISP I believe I would have to tweak my domain details...

NB! Static IP address is a requirement !!

Eg. ClientIPaddress / FQDN = 87.51.999.999 / 87-51-999-999-static.304.dk.customer.tdc.net

DNS: acme.inc
acme.inc MX 10 87-51-999-999-static.304.dk.customer.tdc.net

hMailAdmin -> Settings -> Protocols -> SMTP [Delivery of email] : Local host name = 87-51-999-999-static.304.dk.customer.tdc.net
Actually as I indicated, I only recently went to a Static IP. I had been using Dynamic IP Address from ISP for years and manually changing my Server Hostname when the Dynamic IP Address changed which was rarely. I never had Port 25 blocked nor did I have to use a Static IP. I did have a PTR Entry on my SPF TXT Record. Later I got a DDNS Hostname which I suspect is probably treated like a Static IP but I don't really know what the DDNS Servers actually do internally. Now currently of course I am using a Static IP and throughout the entire time I've used hMailServer I've never had Port 25 blocked. And for the SPF and PTR Enries, I do not use the Hostname my ISP sets up but rather the Hostname I set up in my DNS which of course resolves to the same Static IP.

I believe I just recently heard someone on this Forum indicate they were using a Dynamic IP also. I believe it just depends on the ISP as to whether they block Port 25 so I wondered how many were actually doing it because I've had so far two ISPs that didn't block Port 25.

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: Stop intruder

Post by palinka » 2019-10-08 11:18

Verizon and time Warner definitely block. I believe comcast does too. That's over half the overall residential internet market right there (US).

User avatar
jim.bus
Senior user
Senior user
Posts: 304
Joined: 2011-05-28 11:49
Location: US

Re: Stop intruder

Post by jim.bus » 2019-10-08 12:17

palinka wrote:
2019-10-08 11:18
Verizon and time Warner definitely block. I believe comcast does too. That's over half the overall residential internet market right there (US).
I was with Comcast for a short while some years back and they didn't block then as best as I recall as I never set an SMTP Relay in hMailServer. But they never knew their right hand from their left hand either. They couldn't get anything straight with their customers which was a major reason I did not stay with them besides them not providing the service they promised.

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: Stop intruder

Post by palinka » 2019-10-10 14:03

mattg wrote:
2019-10-08 02:00
Or perhaps using TOR
Speaking of which, i just ran across this.

https://www.dan.me.uk/dnsbl

Tor exit nodes in dnsbl. I'm going to try it starting today.

User avatar
mattg
Moderator
Moderator
Posts: 20272
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Stop intruder

Post by mattg » 2019-10-10 16:06

I've been running that a while with ZERO hits so far this month

I don't remember seeing one
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: Stop intruder

Post by palinka » 2019-10-10 16:17

I'd like to run it against every IP in my database, but I'm sure I'll get blacklisted for sending 10k IPs in a few minutes.

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: Stop intruder

Post by palinka » 2019-10-11 03:28

So i ran the tor dnsbl against all 9,945 IPs in my firewall ban and had 24 hits.

0.24% of my connections came through tor. It could actually be a little higher. Some older entries may have been removed from the dnsbl. It's supposed to be real time. Still, don't be surprised if you get no hits at all on this filter.

palinka
Senior user
Senior user
Posts: 1262
Joined: 2017-09-12 17:57

Re: Stop intruder

Post by palinka » 2019-10-15 03:37

IDS hits are rolling in. Some never to be seen again, since with many repeat tries (and fails)...

http://hmsfirewallbandemo.ddns.net/sear ... reason=IDS

Post Reply