Hi - we are finding that we are getting access attempts on a server that is behind a 28xx - Strict firewall rules are set, NAT used but port redirection for 25 & 1723. In both cases there are then rules set to block all traffic on those ports then to allow traffic from specific destinations. despite this someone is running random scans on the system attempting to match user/password names! Any thoughts or suggestions as to what to check? Thanks.

Port 25 SMTP...

Is your SMTP server open to all callers? If so then you will get these annyances. If you are running something like I do, where my primary MX record points to something like SpamHero, the mail is scanned and then sent back to me. I changed the SMTP port to something else, then set SpamHero's config to deliver to me on that port, that stopped all of the scans and attempts on my mail server. I did start out by having port 25 set to allow just SpamHereo addresses, but that caused a few issues as they can change.

Yes, I was trying to set a filter rule so that port 25 was only open to the filter service IP address - sounds as if you had tried that previously also? - can you run through how you set the rules even just in general terms? Thanks