My experience once a smarthost like mailgun.net/org sends any sort of spam emails in numbers I will block it and this is how you would do it. This example in blocking mailgun in Postfix permanently, all ranges.
You'll have to find all the mailgun IP ranges to block them all and you'll need to insert them into your main.cf like below example. Edit the file or from the line starting at check_client_access.
185.234.217.0/24 REJECT Your IP range is abusive and has been restricted. 194.87.151.0/24 REJECT Your IP range is abusive and has been restricted. 166.78.68.0/22 REJECT Your IP range is abusive and has been restricted. 198.61.254.0/23 REJECT Your IP range is abusive and has been restricted. 192.237.158.0/23 REJECT Your IP range is abusive and has been restricted. 23.253.182.0/23 REJECT Your IP range is abusive and has been restricted. 104.130.96.0/28 REJECT Your IP range is abusive and has been restricted. 146.20.113.0/24 REJECT Your IP range is abusive and has been restricted. 146.20.191.0/24 REJECT Your IP range is abusive and has been restricted. 159.135.224.0/20 REJECT Your IP range is abusive and has been restricted. 69.72.32.0/20 REJECT Your IP range is abusive and has been restricted. 104.130.122.0/23 REJECT Your IP range is abusive and has been restricted. 146.20.112.0/26 REJECT Your IP range is abusive and has been restricted. 161.38.192.0/20 REJECT Your IP range is abusive and has been restricted. 143.55.224.0/21 REJECT Your IP range is abusive and has been restricted. 143.55.232.0/22 REJECT Your IP range is abusive and has been restricted. 159.112.240.0/20 REJECT Your IP range is abusive and has been restricted.
After adding the IP ranges we need to compile the list with postmap. You must be in the directory that client_checks is located which is /etc/postfix.
After compiling client_checks the entry in main.cf should like the below. Then restart postfix and any other service that needs to be restart such as dovecot.
smtpd_recipient_restrictions = ... check_client_access cidr:/etc/postfix/client_checks ...
Now just watch the logs tail -f /var/log/mail.log to verify the blocking. No more spam from mailgun. Repeat this on returning offenders.
I usually watch the logs and depending on the spam or brute force attacks I just block the entire ranges with GeoIP as well. Countries to be concerned about are:
UZ,VN,SA,PE,BD,IS,SC,UA,BG,LT,IR,CN,IN,SG,BR,TH,TW,NL,PY,PL,PT,FR,UG,UY,HK,KR,MX,EE,TZ,NL.
If you prefer to still get emails from these countries I would create a secure portal that they can use instead for security reasons. Our spam blockers and blockages have us at about 98% spam free. If you need more information on email servers please contact us.
We do not use any third party blockers like mime-cast, etc.
Sorry we don't like spam.
