AWS is probably the biggest cloud provider in the world. Of course the
majority of junk is going to be coming from their network,
simply because they are that big.
However, I really wanted to see what the bot statistics for my mail
server were so I scanned my `Postfix` and `secure` log files for "access
denied" entries.
In the past 10 hours, there were:
* 573 Postfix SASL Auth Failed entries from 106 different IPs
* 1479 SSH Auth Failed attempts from 13 different IPs
I see lots of OVH, Azure, home/business connection providers (TELSTRA
Australia, lot of Asian stuff, Telefonica, Vodafone, Verizon...),
some random cloud/dedicated server provider here and there... but not a
single Amazon IP - which surprised me quite a bit actually.
For reference, this server is with OVH in France and does not have
fail2ban installed. Postfix has connection rate limiting enabled though.
On another note, I wouldn't recommend blatantly blacklisting anyone,
especially not large service/platform/infrastructure providers. Many
businesses (such as e-shops) rely completely
on AWS (or other cloud) infrastructure. If you don't receive emails
containing order details or invoices because you completely blacklisted
them... well, that's your problem.
If your server is set up correctly, those bots are completely harmless
and spamassassin will destroy 99.9% of spam emails, which I call success.
The other 0.1% that goes through (that one email a week) I can delete
manually.
Regards
--
Filip Hruska
Linux System Administrator
On 12/4/17 at 12:19, Edwin Pers wrote:
As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh
bots/etc that hit the firewalls at my sites are coming from AWS.
I used to send abuse emails but eventually gave up after receiving nothing beyond
"well, aws ip's are dynamic/shared so we can't help you"
-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec
Sent: Monday, December 4, 2017 2:27 AM
To: nanog@nanog.org
Subject: Re: Suggestions for a more privacy conscious email provider
On Sun, Dec 03, 2017 at 05:08:33PM +0000, Filip Hruska wrote:
I personally run my own mail server, but route outgoing emails via Amazon
SES.
Not a good idea. Amazon's cloud operations are a constant source of
spam and abuse (e.g., brute-force SSH attacks), they refuse to accept
complaints per RFC 2142, and -- apparently -- they simply don't care to
do anything about it. I've had SES blacklisted in my MTA for years (among
other preventative measures) and highly recommend to others.
---rsk
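
The kind of tally described in the top message (failed-auth entries and distinct source IPs per service), as an added example that is not part of the original thread. It assumes the default syslog formats of Postfix smtpd and OpenSSH; the log lines are constructed and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Postfix smtpd: "warning: host[ip]: SASL <MECH> authentication failed: ..."
POSTFIX_SASL = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: \S+\[([0-9A-Fa-f.:]+)\]: "
    r"SASL \S+ authentication failed")
# OpenSSH: "Failed password for [invalid user ]<name> from <ip> port <n> ssh2".
# <name> is client-supplied text, so the greedy ".*" makes the capture bind to
# the LAST "from <ip> port" on the line, which is the one sshd itself wrote.
SSH_FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for .* from ([0-9A-Fa-f.:]+) port \d+")

PATTERNS = {"postfix_sasl": POSTFIX_SASL, "ssh": SSH_FAILED}

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = """\
Dec  4 02:11:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec  4 02:11:15 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec  4 02:12:40 mail postfix/submission/smtpd[2107]: warning: host.example[198.51.100.23]: SASL PLAIN authentication failed:
Dec  4 02:12:41 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Dec  4 02:13:02 mail sshd[3310]: Failed password for root from 192.0.2.77 port 40112 ssh2
Dec  4 02:13:04 mail sshd[3310]: Failed password for invalid user admin from 192.0.2.77 port 40114 ssh2
Dec  4 02:13:09 mail sshd[3312]: Failed password for invalid user x from 10.0.0.1 port 1 from 192.0.2.80 port 40200 ssh2
Dec  4 02:13:30 mail sshd[3320]: Accepted publickey for ops from 192.0.2.10 port 50022 ssh2
"""

def summarize(lines):
    """Return per-service failed-auth entries, distinct IPs and top sources."""
    hits = {name: Counter() for name in PATTERNS}
    for line in lines:
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                hits[name][m.group(1)] += 1
    return {
        name: {"entries": sum(c.values()), "ips": len(c), "top": c.most_common(3)}
        for name, c in hits.items()
    }

if __name__ == "__main__":
    for service, stats in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{service}: {stats['entries']} failed entries "
              f"from {stats['ips']} different IPs; top: {stats['top']}")
```

To run it over real logs, pass an open file object (for example the mail log or `secure`) to `summarize` instead of the sample lines.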