To my surprise, POP3 on port 110 and SMTP on port 25 appeared in the TOP10 Services list in the daily executive summary report.
I suspect that one of my children misconfigured a new email account so that it does not use SSL/TLS for inbound and outbound email. I want to track it down so that we can secure it before they go back to school in the fall.
One way to do it is to block ports 110 and 25 and then see what breaks. That seems like a drastic solution to me.
Is there a log where I can identify the IP address that is using ports 110 and 25? I looked in the firewall log, but it shows only dropped packets. Perhaps there is a setting that needs to be changed so that I can record activity to destination ports 110 and 25?
This thread was automatically locked due to age.
