Does Eonix Have any Clients who Aren't Spammers?

Almost 100 percent of the spam that gets past SpamAssassin lately is hosted on an Eonix server. I’ve taken to temp-blocking the entire Class C’s in CSF, which of course works. I wonder how many legit senders I’m blocking in the process, but I’m starting to suspect none.

I only do this on the server hosting my own personally-owned sites, by the way; and I have my known senders whitelisted.

Richard

Never heard of Eonix but if they don’t police their users, they deserve a ban on all of their IPs. What their domain name or subnets? I’ll see if any are on my list.

Never mind. A simple google search turned up tons of results saying same as you.

They have about a bazillion of them. The ranges currently temp-blocked are:

50.3.238.0/24
50.2.211.0/24
173.232.220.0/24
104.206.174.0/24
170.130.51.0/24
173.44.188.0/24
23.90.57.0/24

Typically the spam will come in bursts from IP’s in the same Class C, sometimes sequentially numbered. Temp-blocking the Class C from the mail ports surely works, but of course I don’t want to block legit senders. I’m just starting to wonder whether Eonix hosts any.

Richard

I suppose it’s also possible that they host proxy servers, which are another source of incessant spam. I’ll have to research this.

Richard

Today’s another one of those days. Spam being sent from sequential Eonix IP addresses in 170.130.29.0/24. I temp blocked the whole Class C from ports 25, 465, 587, and 2525 for 30 days this time. It’s not the first offense for this range.

Richard

Here’s a list of their announced prefixes https://bgpview.io/asn/62904#prefixes-v4

The amount of image spam coming from Eonix right now is ridiculous!

1 Like

Thanks. I didn’t realize they were that big a company.

Richard

just deploy fail2ban, ssh key auth only and spamassassin and forget them forever like your ex… :slight_smile:

I have CSF doing everything fail2ban would do, which isn’t much when it comes to spam. And SpamAssassin with a few custom tweaks does catch well over 95 percent of it. So it’s not like the end of the world.

I’m noticing that most of the spam comes from only a few Class C’s, however. I guess they have dedicated ranges for spammers.

Richard

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.