Spammers finally hitting other ports

Well, it has finally started happening. Spammers are hitting non-standard ports to deliver spam in an attempt to get around spam filters.
It seems that so many people now run a spam filter on port 25 and then open their normal mail server on port 2525 that spammers are hitting port 2525 first in many cases. We saw our first relay attempt ever in the month of April, and now in May we have recorded over 100,000 attempts.
Spammers are getting more and more desperate to deliver their spam. We do not recommend port 2525 for your mail server, but we do recommend a non-standard port. A common thing I tell users is to pick your street address. If your office is at 5600 some street, then use that port. It will be easy for you to remember, and spammers won’t try it (not yet).
The real lesson here is to never allow open relay on ANY server, even if you think it is on a safe port that no one will use. Apparently a number of large server-side spam filters now automatically remap port 2525 for Exchange (and set it to allow all connections); that is what is causing the huge number of spammers to now try it.
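One way to confirm that none of your own listeners relays, including the one on the alternate port, is sketched below. This is an added example, not code from the original post; the function names, the script name and the example.org/example.net addresses are assumptions made for illustration.

```python
import smtplib
import sys

# Constructed test addresses on reserved example domains (assumption: the
# server under test is not responsible for mail to either domain).
EXTERNAL_SENDER = "relay-check@example.org"
EXTERNAL_RCPT = "relay-check@example.net"


def check_open_relay(host, port, sender=EXTERNAL_SENDER, rcpt=EXTERNAL_RCPT,
                     timeout=10):
    """Probe one SMTP listener on a server you administer.

    Returns (verdict, detail); verdict is "open-relay", "relay-denied" or
    "unreachable". The dialogue stops after RCPT TO, so nothing is queued.
    """
    try:
        with smtplib.SMTP(host, port, local_hostname="relay-check.invalid",
                          timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, _ = smtp.mail(sender)
            if code != 250:
                return "relay-denied", f"MAIL FROM refused with {code}"
            code, _ = smtp.rcpt(rcpt)
            smtp.rset()  # abandon the transaction instead of sending DATA
            if code in (250, 251):
                # An outside sender was allowed to address an outside recipient.
                return "open-relay", f"RCPT TO accepted with {code}"
            return "relay-denied", f"RCPT TO refused with {code}"
    except (OSError, smtplib.SMTPException) as exc:
        return "unreachable", str(exc)


def audit_listeners(host, ports):
    """Check every SMTP port the server exposes, not only port 25."""
    return {port: check_open_relay(host, port)[0] for port in ports}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: python relay_check.py HOST [PORT ...]")
    target = sys.argv[1]
    port_list = [int(p) for p in sys.argv[2:]] or [25, 2525]
    for port, verdict in audit_listeners(target, port_list).items():
        print(f"{target}:{port} -> {verdict}")
```

Run it from a network the server does not treat as trusted, since many servers permit relaying for local addresses and would give a misleading result from inside.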

Posted on Tuesday, May 22, 2007 12:32 PM

Copyright © 2007 Emerald Technology, Inc.