It’s been a long time since I have seen more than 1 fail2ban notification in my mailbox for months.
But I’ve got 200 in the last 24 hours, IPs from all around the globe.
All of them were against postfix, they are trying to send email to not existing email addresses.
(received includes fail2ban)
Well, actually nothing to see here as everything do their jobs, no spam, no overload, just the annoying fail2ban reports.
But still, I am curious if any of you experienced the same?
Possibly a new botnet came alive?
Actually the max 1 ban/day earlier was a very low ratio I know, but since I added many IP blacklists to pfSense, I haven’t seen this much of fail2ban reports.
I have checked these IPs but I haven’t found any reference for them in google with the keyword blacklist.
If anyone interested in the IPs to find a list that covers them, then I can share it in private.
Your feedback is welcomed!
Edit: stopped Sunday midnight.