I meant actual mail servers routing email. I was taking the exploit attempts as a given, which is why securing it would be top priority. I see all kinds of attempts on my web server logs, including many WordPress exploits. (Now, if I was running WordPress, I’d be concerned.)
I’m careful what I forward from the router, and ssh ain’t one of them.
Years ago, I had a program on a PC watch the firewall logs and play a different sound effect depending on the port that was attempted. I would know in real time when a new Code Red outbreak happened, or when I inherited an IP address from someone running a Napster clone, and I saw the first clumsy botnet port scans (and scanned them back as I recall).
I should rig up an RPi1 with maximum security, and shove it out past the router firewall to do the same thing. It’s good to know what’s banging on the door. (It’s not that I have an infinite supply of Pis, it’s just that as I’ve upgraded the “server and beta” machines, that’s left four Pis out of work. An RPi2 is getting a fancy retro case, and then there were 3.)