When you see this in /var/log/mail.log, you know the Chinese are out to get you:
Aug 10 14:15:05 manstein postfix/smtpd[7858]: connect from static-186-155-242-140.static.etb.net.co[186.155.242.140]
Aug 10 14:15:08 manstein postfix/smtpd[7858]: warning: static-186-155-242-140.static.etb.net.co[186.155.242.140]: SASL LOGIN authentication failed: authentication failure
Aug 10 14:15:08 manstein postfix/smtpd[7858]: lost connection after AUTH from static-186-155-242-140.static.etb.net.co[186.155.242.140]
Aug 10 14:15:08 manstein postfix/smtpd[7858]: disconnect from static-186-155-242-140.static.etb.net.co[186.155.242.140]
If, like me, your first instinct is to block the entire IP range/AS in the firewall, and you then remember that you have a TODO about tinkering with the Mikrotik to add a dynamic address list of spammers (and SSH bots etc.), you get tired in a hurry.
Luckily, if the bandwidth consumed is small, you can “just” null-route the bastards:
sudo route add 123.56.236.175 gw 127.0.0.1 lo
or if you’re really annoyed:
~$ whois 123.56.236.175
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '123.56.0.0 - 123.57.255.255'
inetnum: 123.56.0.0 - 123.57.255.255
.....
% Information related to '123.56.0.0/15 AS37963'
and
sudo route add -net 123.56.0.0/15 gw 127.0.0.1 lo
Boom – the entire AS is gone, and hopefully the emails about your AliExpress purchases are originating in another net…
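To pick null-route candidates from the log instead of by eye, here is an added example (not part of the original post): it counts SASL authentication failures per client IP and prints the same route command shown above for review. The function names, the threshold of 3 and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find repeat SASL offenders in Postfix log lines and print
# (never execute) the null-route command used in this post for each one.

# Constructed sample input; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Aug 10 14:15:05 manstein postfix/smtpd[7858]: connect from unknown[198.51.100.7]
Aug 10 14:15:08 manstein postfix/smtpd[7858]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug 10 14:15:08 manstein postfix/smtpd[7858]: lost connection after AUTH from unknown[198.51.100.7]
Aug 10 14:16:11 manstein postfix/smtpd[7860]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug 10 14:17:30 manstein postfix/smtpd[7861]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Aug 10 14:18:02 manstein postfix/smtpd[7862]: warning: mail.example.net[192.0.2.44]: SASL LOGIN authentication failed: authentication failure
EOF
}

# sasl_offenders [MIN] < log : print "COUNT IP" for IPv4 clients with >= MIN failures.
sasl_offenders() {
    awk -v min="${1:-3}" '
        /postfix\/smtpd\[[0-9]+\]: warning: .*SASL [A-Z0-9-]+ authentication failed/ {
            # Client is logged as hostname[ip]; match "[ip]: SASL" and strip the 8 extra chars.
            if (match($0, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]: SASL/))
                count[substr($0, RSTART + 1, RLENGTH - 8)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# null_route_cmds < "COUNT IP" lines : print one route command per offender for review.
null_route_cmds() {
    while read -r _count ip; do
        printf 'sudo route add %s gw 127.0.0.1 lo\n' "$ip"
    done
}

# Demo on the constructed sample; on a real host feed /var/log/mail.log instead.
sample_log | sasl_offenders 3 | null_route_cmds
```

Check the printed list for your own addresses (office, VPN, monitoring) before running any of the commands, since a few mistyped passwords look the same in the log.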