Tommy,

Are you using the regular SMTP or the SMTP Proxy server in Xeams? I recommend you use the regular SMTP in Xeams. Check https://www.xeams.com/switchingproxy2regular.htm for instructions and why we recommend this.

Your hMailServer will always think the communication is being initiated by Xeams IP address when it is sitting in front. It will never know the real IP address of the server on the Internet. When you use the regular SMTP server, Xeams will completely shield your hMailServers from any attack. If someone tries to guess passwords in Xeams, they will be blocked. Check https://www.xeams.com/best-practices-prevent-password-hacks.htm for how to configure Xeams so no one will be able to guess passwords.

You should only route port 25 through Xeams. Every other port (465, 587, 993, and 995) should go directly to your hMailServer. In fact, I recommend you don't use standard ports on hMailServer. Because passwords can be guessed through any of the above ports.

Answers to your specific questions:

1. hMailServer will NOT know the real IP if the connection is made on port 25, since Xeams is sitting in between. It will know the real IP for every other port.
2. Xeams will take care of the attacks on port 25. Check InvalidPasswordAttempts.log in Xeams. It will give you an idea of who is attacking on port 25. hMailServer will have to handle the remaining ports. That is why I recommend using non-standard ports for the remaining services. You can always ask you users to change these values in their Outlook/Thunderbird.