Does Eonix Have any Clients who Aren't Spammers?

RJM_Web_Design · December 4, 2020, 1:33pm

Almost 100 percent of the spam that gets past SpamAssassin lately is hosted on an Eonix server. I’ve taken to temp-blocking the entire Class C’s in CSF, which of course works. I wonder how many legit senders I’m blocking in the process, but I’m starting to suspect none.

I only do this on the server hosting my own personally-owned sites, by the way; and I have my known senders whitelisted.

Richard

scotwnw · December 4, 2020, 2:14pm

Never heard of Eonix but if they don’t police their users, they deserve a ban on all of their IPs. What their domain name or subnets? I’ll see if any are on my list.

Never mind. A simple google search turned up tons of results saying same as you.

RJM_Web_Design · December 4, 2020, 2:44pm

They have about a bazillion of them. The ranges currently temp-blocked are:

50.3.238.0/24
50.2.211.0/24
173.232.220.0/24
104.206.174.0/24
170.130.51.0/24
173.44.188.0/24
23.90.57.0/24

Typically the spam will come in bursts from IP’s in the same Class C, sometimes sequentially numbered. Temp-blocking the Class C from the mail ports surely works, but of course I don’t want to block legit senders. I’m just starting to wonder whether Eonix hosts any.

Richard

RJM_Web_Design · December 4, 2020, 2:47pm

I suppose it’s also possible that they host proxy servers, which are another source of incessant spam. I’ll have to research this.

Richard

RJM_Web_Design · December 12, 2020, 4:53pm

Today’s another one of those days. Spam being sent from sequential Eonix IP addresses in 170.130.29.0/24. I temp blocked the whole Class C from ports 25, 465, 587, and 2525 for 30 days this time. It’s not the first offense for this range.

Richard

greentreehosting · December 15, 2020, 10:55pm

Here’s a list of their announced prefixes AS62904 Eonix Corporation BGP Network Information - BGPView

The amount of image spam coming from Eonix right now is ridiculous!

RJM_Web_Design · December 16, 2020, 1:27am

Thanks. I didn’t realize they were that big a company.

Richard

unborn · December 17, 2020, 6:01pm

just deploy fail2ban, ssh key auth only and spamassassin and forget them forever like your ex…

RJM_Web_Design · December 17, 2020, 10:29pm

I have CSF doing everything fail2ban would do, which isn’t much when it comes to spam. And SpamAssassin with a few custom tweaks does catch well over 95 percent of it. So it’s not like the end of the world.

I’m noticing that most of the spam comes from only a few Class C’s, however. I guess they have dedicated ranges for spammers.

Richard

system · January 16, 2021, 10:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.