After years of collecting attacks and doing some recent pattern changes, I’m going to set up the structure here to periodically share some of the jail IPs that I continue to snag. I’ll publish them here. The goal isn’t to provide a publishing blacklist or anything, but just be of some additional confirmation if people are searching out IP addresses of bad actors to their infrastructure.
Postfix-SASL Jail: Connections that tried to relay off my servers.
Postfix Jail: Connections that tried to relay non-SASL off my servers.
Dovecot Jail: Connections that tried to login via IMAP/IMAPS off my servers.
Apache-Auth Jail: Connections that tried to use Apache-Auth on my servers.