I host my own email and can regularly see people/bots trying to log into my email and accounts with random names. I block those IPs as soon as they try and log in. I then log basic data about them (country, reverse DNS). I created a website that gives some basic statistics about that data and makes the IPs available if others wanted them.
I called it MX Offenders and I’m mostly doing this as a fun project for myself. The site is also self-hosted. It is at https://mxo.michaelspost.com/ It probably won’t be used by anyone, but was fun to create and I thought I would see what others think.
I did something similar with Graylog and ssh login attempts. Even had a neat little real-time global map with dots on the location the attempts originated from.
I get surprisingly few login attempts on my mail server though.
Is it possible to integrate that list with Stalwart? Like DNSBL or so? Or is that a different format?
/CC /u/StalwartLabs