nanog mailing list archives

Re: Suggestions for a more privacy conscious email provider


From: Filip Hruska <fhr () fhrnet eu>
Date: Mon, 4 Dec 2017 17:59:30 +0000

AWS is probably the biggest cloud provider in the world. Of course the majority of junk is going to be coming from their network,
simply because they are that big.


However, I really wanted to see what the bot statistics for my mail server were so I scanned my `Postfix` and `secure` log files for "access denied" entries.
In the past 10 hours, there were:

* 573 Postfix SASL Auth Failed entries from 106 different IPs
* 1479 SSH Auth Failed attempts from 13 different IPs

I see lots of OVH, Azure, home/business connection providers (TELSTRA Australia, lot of Asian stuff, Telefonica, Vodafone, Verizon...), some random cloud/dedicated server provider here and there... but not a single Amazon IP - which surprised me quite a bit actually.

For reference, this server is with OVH in France and does not have fail2ban installed. Postfix has connection rate limiting enabled though.


On another note, I wouldn't recommend blatantly blacklisting anyone, especially not large service/platform/infrastructure providers. Many businesses (such as e-shops) rely completely on AWS (or other cloud) infrastructure. If you don't receive emails containing order details or invoices because you completely blacklisted them... well, that's your problem.

If your server is set up correctly, those bots are completely harmless and spamassassin will destroy 99.9% of spam emails, which I call success. The other 0.1% that goes through (that one email a week) I can delete manually.


Regards

--
Filip Hruska
Linux System Administrator

On 12/4/17 at 12:19 Edwin Pers wrote:
As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh bots/etc that hit the firewalls at my sites 
are coming from AWS.
I used to send abuse emails but eventually gave up after receiving nothing beyond "well, aws ip's are dynamic/shared so we 
can't help you"


-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Rich Kulawiec
Sent: Monday, December 4, 2017 2:27 AM
To: nanog () nanog org
Subject: Re: Suggestions for a more privacy conscious email provider

On Sun, Dec 03, 2017 at 05:08:33PM +0000, Filip Hruska wrote:
I personally run my own mail server, but route outgoing emails via Amazon
SES.
Not a good idea.  Amazon's cloud operations are a constant source of
spam and abuse (e.g., brute-force SSH attacks), they refuse to accept
complaints per RFC 2142, and -- apparently -- they simply don't care to
do anything about it.  I've had SES blacklisted in my MTA for years (among
other preventative measures) and highly recommend to others.

---rsk
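
A tally of the kind described in the message above (failed Postfix SASL and SSH logins, counted per entry and per distinct source IP), as an added example that is not part of the original thread. It assumes the stock Postfix smtpd and OpenSSH sshd syslog message formats; the function name and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Stock failure messages from Postfix smtpd and OpenSSH sshd (assumed formats).
PATTERNS = {
    "postfix_sasl": re.compile(
        r"postfix/[\w/]+\[\d+\]: warning: \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
        r"SASL \S+ authentication failed"),
    # The username is attacker-chosen text, so the greedy .* binds the
    # capture to the last "from <ip> port <n>" on the line.
    "ssh": re.compile(
        r"sshd\[\d+\]: Failed \S+ for .* from (?P<ip>\S+) port \d+(?: ssh2)?$"),
}

def summarize(lines):
    """Return {service: {"entries": n, "ips": n, "top": [(ip, hits), ...]}}."""
    hits = {name: Counter() for name in PATTERNS}
    for line in lines:
        for name, rx in PATTERNS.items():
            m = rx.search(line.rstrip())
            if m is None:
                continue
            try:  # drop anything that is not a real IPv4/IPv6 address
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                break
            hits[name][str(ip)] += 1
            break
    return {name: {"entries": sum(c.values()), "ips": len(c),
                   "top": c.most_common(3)} for name, c in hits.items()}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Dec  4 07:12:01 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Dec  4 07:12:09 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Dec  4 07:13:40 mail postfix/submission/smtpd[1207]: warning: host.example[2001:db8::25]: SASL PLAIN authentication failed:",
    "Dec  4 07:14:02 mail postfix/smtpd[1201]: connect from unknown[203.0.113.5]",
    "Dec  4 07:15:11 mail sshd[2210]: Failed password for root from 198.51.100.7 port 51234 ssh2",
    "Dec  4 07:15:14 mail sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2",
    "Dec  4 07:15:20 mail sshd[2214]: Failed password for invalid user x from 192.0.2.1 port 1 from 198.51.100.9 port 40022 ssh2",
    "Dec  4 07:16:00 mail sshd[2216]: Accepted publickey for alice from 192.0.2.44 port 50100 ssh2",
]

if __name__ == "__main__":
    for service, stats in summarize(SAMPLE).items():
        print(service, stats)
```

The seventh sample line carries a username that itself contains "from 192.0.2.1 port 1"; the tally attributes it to the address sshd appended at the end of the line, not the one embedded in the username.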


