So I have set up my own mail server 🙃 🙂. What an achievement for me 😆😅 And it was working fine till recently. It becomes really, really slow. And I checked the log and found out this. What could I do and what’s the purpose of this? Is it a brute force attack? All these ips are owned by the same person/group?? Any help or pointers will be deeply appreciated
A quick search for one of the IPs shows this: https://www.abuseipdb.com/check/46.148.40.161
So yes, it’s most likely an attack.
Yeah that looks a lot like the typical bruteforce attempts from the evil lands of the internet. Fail2ban did the trick for me. Logs are clean now
But the ips used in the attacks are not the same…fail2ban is active in my server but it didn’t ban anything since every ip user only failed once for the password
If there’s one thing I’ve learned over the years about self-hosting it’s that I’ll happily pay to not have to deal with email hosting.
The only “self-hosting” I do for email is to download my own local archive for storage.
It’s not a big deal to me and I’d rather have control over the services and, more importantly, the data. And my rented server is cheap.