AWS is probably the biggest cloud provider in the world. Of course the majority of junk is going to be coming from their network, simply because they are that big.

However, I really wanted to see what the bot statistics for my mail server were, so I scanned my `Postfix` and `secure` log files for "access denied" entries. In the past 10 hours, there were:

* 573 Postfix SASL Auth Failed entries from 106 different IPs
* 1479 SSH Auth Failed attempts from 13 different IPs

I see lots of OVH, Azure, home/business connection providers (TELSTRA Australia, lots of Asian stuff, Telefonica, Vodafone, Verizon...), some random cloud/dedicated server provider here and there... but not a single Amazon IP - which surprised me quite a bit actually.

For reference, this server is with OVH in France and does not have fail2ban installed. Postfix has connection rate limiting enabled though.

On another note, I wouldn't recommend blatantly blacklisting anyone, especially not large service/platform/infrastructure providers. Many businesses (such as e-shops) rely completely on AWS (or other cloud) infrastructure. If you don't receive emails containing order details or invoices because you completely blacklisted them... well, that's your problem.

If your server is set up correctly, those bots are completely harmless and spamassassin will destroy 99.9% of spam emails, which I call success. The other 0.1% that goes through (that one email a week) I can delete manually.

Regards

--
Filip Hruska
Linux System Administrator

On 12/4/17 at 12:19, Edwin Pers wrote:
As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh bots/etc that hit the firewalls at my sites are coming from AWS. I used to send abuse emails but eventually gave up after receiving nothing beyond "well, aws ip's are dynamic/shared so we can't help you"
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Rich Kulawiec
Sent: Monday, December 4, 2017 2:27 AM
To: nanog@nanog.org
Subject: Re: Suggestions for a more privacy conscious email provider
On Sun, Dec 03, 2017 at 05:08:33PM +0000, Filip Hruska wrote:
I personally run my own mail server, but route outgoing emails via Amazon SES.

Not a good idea. Amazon's cloud operations are a constant source of spam and abuse (e.g., brute-force SSH attacks), they refuse to accept complaints per RFC 2142, and -- apparently -- they simply don't care to do anything about it. I've had SES blacklisted in my MTA for years (among other preventative measures) and highly recommend to others.
---rsk
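
The kind of log tally described at the top of this message (failed Postfix SASL and SSH logins, with the number of distinct source IPs) can be reproduced with a short script. This is an added example, not code from any poster in the thread; the sample log lines are constructed, use documentation address ranges, and assume the stock Postfix and OpenSSH syslog message formats.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread) in the usual maillog/secure formats.
SAMPLE_MAILLOG = """\
Dec  4 10:01:02 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec  4 10:01:09 mail postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec  4 10:02:40 mail postfix/submission/smtpd[2107]: warning: host.example.net[198.51.100.23]: SASL PLAIN authentication failed:
Dec  4 10:03:00 mail postfix/smtpd[2107]: connect from unknown[192.0.2.9]
"""
SAMPLE_SECURE = """\
Dec  4 10:00:11 mail sshd[3001]: Failed password for invalid user admin from 198.51.100.77 port 50122 ssh2
Dec  4 10:00:15 mail sshd[3001]: Failed password for root from 198.51.100.77 port 50130 ssh2
Dec  4 10:00:19 mail sshd[3004]: Failed password for invalid user x from 192.0.2.1 port 1 from 198.51.100.88 port 50140 ssh2
Dec  4 10:04:02 mail sshd[3010]: Accepted publickey for filip from 192.0.2.50 port 40022 ssh2
"""

# Postfix logs the client as name[address]; the address in brackets is what we count.
SASL_FAIL = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: \S*\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)
# The username is client-controlled text, so the greedy ".*" makes the match take the
# address from the LAST " from <addr> port <n>" on the line, which sshd itself wrote.
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: \S+)?$")


def summarize(text, pattern):
    """Return (number of failed entries, Counter of failures per source IP)."""
    per_ip = Counter()
    for line in text.splitlines():
        match = pattern.search(line)
        if match:
            per_ip[match.group(1)] += 1
    return sum(per_ip.values()), per_ip


if __name__ == "__main__":
    for label, text, pattern in (
        ("Postfix SASL auth failed", SAMPLE_MAILLOG, SASL_FAIL),
        ("SSH auth failed", SAMPLE_SECURE, SSH_FAIL),
    ):
        total, per_ip = summarize(text, pattern)
        print(f"{total} {label} entries from {len(per_ip)} different IPs")
        for ip, count in per_ip.most_common(5):
            print(f"    {count:6d}  {ip}")
```

To run it against real logs, pass the contents of the mail log and the `secure` log to `summarize` in place of the sample strings.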