esackbauer
Here are my reasons for doing it this way:
- Most automated hacking tools aren’t going to scan for alternate ports.
- Reduces the number of logged attempts, making it easier to spot patterns.
- With a large enough IP pool, fail2ban is a minor inconvenience.
- Ability to permanently firewall an offending IP yet still allow normal traffic to port 25 (not all IPs are static).
- 2FA doesn’t work in all cases (web sites or applications needing to relay).
Obscurity doesn’t work by itself but combined with other tools it does greatly reduce the number of attacks.
I’ve had my server running this way for years and have yet to see any disadvantage. Having to change all my web site and client configurations would be a PITA.
I was Hostmaster for a large (at the time) ISP in the ’90s and have run my own mail servers since (primarily Sendmail). I’m just not very familiar with Dovecot/Postfix or changes due to how they are incorporated into mailcow/Docker.
Duane
esackbauer
It also makes it easier to block the more serious hackers. They have to scan the system to discover the port. This would be detected by an IDS which can then reroute them to a honeypot.