With the recent surge in spam, I wanted to let everyone know what you can do, what I am doing, and the number of attacks our mail server is under.
First, what you can do:
1) Send spam you receive to: spamtrap@eskimo.com
2) Send some non-spam examples to: hamtrap@eskimo.com
This trains the Bayesian filters to recognize spam. Without examples of non-spam, the filters cannot differentiate, so it is important to send some non-spam to hamtrap@eskimo.com as well, especially anything that is not spam but gets dropped in your spambox.
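Why the ham examples matter, shown as an added illustration (not the mail server's actual filter): a minimal Bayesian token scorer with Robinson-style smoothing, trained once on spam only and once on spam plus ham. All messages, names and the scoring constants are constructed for this example.

```python
import math
import re
from collections import Counter

# Constructed sample messages, not real mail.
SPAM = ["Your account invoice is overdue click here to verify payment",
        "Verify your account now to claim your prize",
        "Cheap pills click here payment accepted"]
HAM = ["Attached is the invoice for your account payment is due next month",
       "Meeting notes from the billing team about your account",
       "Lunch on Friday? Let me know"]
LEGIT = "Reminder: the invoice for your account is attached"
JUNK = "Click here to verify your prize"

def tokenize(text):
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class BayesFilter:
    def __init__(self):
        self.seen = {"spam": Counter(), "ham": Counter()}  # messages containing each token
        self.total = {"spam": 0, "ham": 0}                 # messages trained per class

    def train(self, label, text):
        self.seen[label].update(tokenize(text))
        self.total[label] += 1

    def token_prob(self, tok):
        """Smoothed probability that a message containing tok is spam."""
        s, h = self.seen["spam"][tok], self.seen["ham"][tok]
        n = s + h
        if n == 0:
            return 0.5  # never seen: no evidence either way
        b = s / self.total["spam"] if s else 0.0  # share of spam containing tok
        g = h / self.total["ham"] if h else 0.0   # share of ham containing tok
        p = b / (b + g)
        return (0.5 + n * p) / (1 + n)  # pull rarely seen tokens toward neutral 0.5

    def spam_score(self, text):
        # Combine per-token evidence as a sum of log-odds, then map back to 0..1.
        logit = sum(math.log(f / (1 - f))
                    for f in map(self.token_prob, tokenize(text)))
        return 1 / (1 + math.exp(-logit))

def build(spam, ham):
    flt = BayesFilter()
    for msg in spam:
        flt.train("spam", msg)
    for msg in ham:
        flt.train("ham", msg)
    return flt

if __name__ == "__main__":
    for name, flt in (("spam only", build(SPAM, [])), ("spam + ham", build(SPAM, HAM))):
        print(f"{name:10}  legit={flt.spam_score(LEGIT):.3f}  junk={flt.spam_score(JUNK):.3f}")
```

Trained on spam alone, the legitimate invoice reminder scores about 0.996 because every word it shares with spam counts against it; once ham is trained too, it drops to about 0.02 while the junk message stays above 0.99.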
You can adjust your spam filters to better suit your needs.
What I am doing:
The contest between spam filtering and spammers working to get past the filters is an ongoing struggle. Spammers test their spamming algorithms against spam filters and refine them. Developers alter spam filters to take spammers' new methods into account.
Like our web server previously was, our mail servers are based upon CentOS 6. CentOS 6 was current in 2012, but although not yet at end of life, it is no longer the latest and greatest and is getting little developer attention. Consequently, updates are infrequent and spam filtering lags behind spammers.
I am working to move the mail servers to Ubuntu 15.10, as I recently did with the web server. Not only will it ensure frequent and current updates, but it will also improve performance somewhat.
Mail Server Attacks:
So that you can appreciate how much probing our mail server gets from people looking for valid addresses to spam, I thought I’d share the current fail2ban IP block list. This is just what is hitting the server today: