Jan Wildeboer 😷
Observation: with the beginning of the war against Iran, botnets more or less stopped attacking my mailserver. From typically 300–500 IP addresses per day it's now less than 5 since a week. Indicates that maybe quite some C&C (Command and Control) servers were operating from Iranian IP addresses and fell victim to the internet shutdown there.
@homelab The attacking IP addresses were always from many countries, with a bit of clustering in the US, China and indo-pacific countries. These botnets mostly use malware infected domestic devices. They do get their targets from the C&C servers and these seem to have gone quiet.
It is now day 5 with zero SASL login attempts on my mailserver after 3 years of at least 150 IP addresse/day. I am not complaining :) @homelab
Erik@jwildeboer @homelab Over here it was very quite the last ~week, but since early morning GMT SASL login attempts started again.