[Evolution-users] Script: Port 25 Monitoring Tools

[Michael S.]

There seems to be some demand to learn about the dreaded port 25 and why 99%
of servers block it. I have port 25 open, but I monitor it very closely. am
sharing my port 25 monitoring tool. 
Use it at your own risk. Although I have changed it a few times over the
years, it is mostly cobbled together and enhanced as situations we faced,
dictated it. One example, I saw a post recently in here that they have port 25
traffic being directed to nonexistent accounts. This is a non-no, and is
mimicking server attacks, so you will easily get the attention of your ser
hosts once your IOP spikes. 

If you don't know how to set up fail2ban or run a .sh script, or change mail
ports, then this 500 line script may not for you in a live environment. 

Please use it at you own risk. Fell free to use it.

=== SECURITY RECOMMENDATIONS ===
1. Block port 25 if you don't need email functionality
2. Use external email services (Gmail, SendGrid, etc.) instead of local mail
3. Monitor logs regularly for suspicious activity
4. Keep your system updated
5. Use fail2ban to automatically block suspicious IPs
6. Consider using non-standard ports for legitimate mail services

I will post a guide on how to implement 6. if anyone asks. 

Thanks to poc for allowing this OT mail hack to be posted here.

https://gist.github.com/divsmart/590858a1d5d78fbca26044b3c1c046f3
-- 
Michael S.
Evo is awesome!