Ok so all of this happened on March 8 2022 when I got a person
trying to break into my mail server from IP 5.34.205.54 (AS15828)


Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid
authentication mechanism
Mar 8 19:01:20 server1 postfix/smtps/smtpd[151411]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max
connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:01:19
Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max
connection count 1 for (smtps:5.34.205.54) at Mar 8 19:01:19
Mar 8 19:04:41 server1 postfix/anvil[151414]: statistics: max cache
size 1 at Mar 8 19:01:19
Mar 8 19:22:15 server1 postfix/smtps/smtpd[151551]: connect from unknown[5.34.205.54]
Mar 8 19:22:16 server1 postfix/smtps/smtpd[151551]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid
authentication mechanism
Mar 8 19:22:16 server1 postfix/smtps/smtpd[151551]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max
connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:22:15
Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max
connection count 1 for (smtps:5.34.205.54) at Mar 8 19:22:15
Mar 8 19:25:36 server1 postfix/anvil[151554]: statistics: max cache
size 1 at Mar 8 19:22:15
Mar 8 19:43:05 server1 postfix/smtps/smtpd[151689]: connect from unknown[5.34.205.54]
Mar 8 19:43:06 server1 postfix/smtps/smtpd[151689]: warning: unknown[5.34.205.54]: SASL LOGIN authentication failed: Invalid
authentication mechanism
Mar 8 19:43:07 server1 postfix/smtps/smtpd[151689]: disconnect from unknown[5.34.205.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Mar 8 19:46:27 server1 postfix/anvil[151692]: statistics: max
connection rate 1/60s for (smtps:5.34.205.54) at Mar 8 19:43:06
Mar 8 19:46:27 server1 postfix/anvil[151692]: statistics: max
connection count 1 for (smtps:5.34.205.54) at Mar 8 19:43:06


So I believe that the person responsible for this break in attempt was
the one that I was contacting is the one responsible for the spam.

The person is using a free yandex.com email address as their contact
email address and doesn't appear to be any kind of legit website
for this ISP. The person is using the email address of spaceshipnetworks@yandex.com the whole thing looks fishy to me.

I did contact the person on the ripe record first and got no where
with them before contacting the one providing connectivity to them.

https://apps.db.ripe.net/db-web-ui/query?searchtext=5.34.205.54


https://www.cidr-report.org/cgi-bin/as-report?as=AS15828

15828 WCD-AS, IR

Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS133398 TELE-AS Tele Asia Limited, HK

whois: 401308

IANA has recorded AS15828 as originally allocated by
/usr/bin/whois -h jwhois.apnic.netr "AS15828\n % This is the
RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.

% Information related to 'AS15826 - AS15833'

as-block: AS15826 - AS15833
descr: RIPE NCC ASN block
remarks: These AS Numbers are assigned to network operators in the RIPE NCC service region.
mnt-by: RIPE-NCC-HM-MNT
created: 2018-11-22T15:27:25Z
last-modified: 2018-11-22T15:27:25Z
source: RIPE

% Information related to 'AS15828'

% Abuse contact for 'AS15828' is
'spaceshipnetworks@yandex.com'

aut-num: AS15828
as-name: WCD-AS
export: to AS59721 announce as15828
export: to AS43754 announce as15828
export: to AS48011 announce as15828
export: to AS47350 announce as15828
export: to AS133398 announce as15828
import: From AS43754 accept any
import: From AS48011 accept any
import: From AS47350 accept any
import: From AS59721 accept any
import: From AS133398 accept any
org: ORG-BDNC3-RIPE
admin-c: MK17520-RIPE
tech-c: MK17520-RIPE
abuse-c: ACRO45411-RIPE
status: ASSIGNED
mnt-by: RIPE-NCC-END-MNT
mnt-by: wcd
created: 2015-08-31T13:46:05Z
last-modified: 2021-12-22T17:59:44Z
source: RIPE
sponsoring-org: ORG-RNB1-RIPE

organisation: ORG-BDNC3-RIPE
org-name: Blue Diamond Network Co., Ltd.
org-type: OTHER
address: AlmaseAbi Building - Mosalla blv -
RobatKarim - Tehran - Iran
abuse-c: AR33223-RIPE
mnt-ref: MNT-ALMAS
mnt-by: MNT-ALMAS
created: 2015-08-17T07:55:22Z
last-modified: 2015-08-17T08:19:44Z
source: RIPE # Filtered

person: DWCI NET
address: 1110 Palms Airport Drive 89119 Las Vegas, NV
phone: +971525729284
nic-hdl: MK17520-RIPE
mnt-by: wcd
created: 2015-01-27T10:15:09Z
last-modified: 2022-03-12T22:46:25Z
source: RIPE

So I decided to contact the person who it appears is providing ISP
providing connectivity to them Who is Tele Asia Limited, HK

Lovely another provider in Hong Hong. But this one is a special kind
of stupid he has been insulting and rude towards me every since the
start when I asked him to block all traffic to the /24 5.34.205.0/24

I have been dealing with Clive Rand clive.rand@tele-asia.net and he
has been rude and ignorant and cursing at me and insulting me constantly.

So then I started to do a bit more digging and find out who exact
is tele-asia.net is.

I came across this


https://www.spamhaus.org/sbl/listings/tele-asia.net

Found 6 SBL listings for IPs under the responsibility of tele-asia.net

SBL545218
185.36.81.177/32 tele-asia.net
17-Mar-2022 10:49 GMT
Spamvertised website

SBL543599
45.125.67.0/24 tele-asia.net
23-Feb-2022 23:29 GMT
Suspected Snowshoe Spam IP Range

SBL543598
45.125.67.77/32 tele-asia.net
23-Feb-2022 23:28 GMT
spam source

SBL543473
45.125.67.75/32 tele-asia.net
22-Feb-2022 17:39 GMT
spam source

SBL543230
45.125.67.74/32 tele-asia.net
18-Feb-2022 22:22 GMT
spam source

SBL543112
45.125.67.73/32 tele-asia.net
17-Feb-2022 15:32 GMT
spam source

Oh looks like they are quite spam friendly too
it makes sense now why they are willing to provide
connectivity to some one who is trying to break into mail
servers.

Then I did a bit more digging on abuseipdb.com

https://www.abuseipdb.com/check/5.34.205.54

There has been 656 reports of abuse coming from this IP at
the time of writing this post from 44 different sources.
and the last report was just 48 minutes ago at the time of writing
this post. So the abuse is very active.

So it isn't just me seeing abuse coming from this IP


https://www.abuseipdb.com/check/5.34.205.54


Anyone else seeing these break in attempts it appears to be a spammer
trying to break into mail servers to gain access to to the mail
server to send out spam emails.

I would also be very careful contacting tele-asia.net as they appear to
either being paid a large sum of money to turn a blind eye to this abuse
or are working in conjunction with this abuser.

http://www.tele-asia.net/eng/index.php


They also don't even have a working abuse mailbox at tele-asia.net
either. If you email abuse@tele-asia.net it bounces back saying the
mailbox is full.

They must be getting a lot of abuse complaints or something.

You can report abuse here as well and open a ticket but it appears
tickets fall on deaf ears with these guys when it comes to abuse
at tele-asia.net

https://www.tele-asia.net/billing/submitticket.php?step=2&deptid=5


This is the bounce back that I get. If you email
abusedept@tele-asia.net it works.

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

abuse@tele-asia.net
LMTP error after RCPT TO:<abuse@tele-asia.net>:
552 5.2.2 <abuse@tele-asia.net> Quota exceeded (mailbox for user is
full)


Reporting-MTA: dns; main.hosthongkong.net

Action: failed
Final-Recipient: rfc822;abuse@tele-asia.net
Status: 5.0.0


Has anyone else seen anything coming from 5.34.205.54?

I would definitely block 5.34.205.0/24 and possibly all of tele-asia.net
as well.

Anyone else seeing these attempts coming from this spammer rats nest.

I would be very careful dealing with "Spaceship Networks" or
tele-asia.net in this case. They appear to be a big spam nest.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border (as are all
of the former USSR states, the Middle East, most of Asia and a large chunk
of Africa).

Have you heard about rate limiting? Fail2Ban?

--
Bob Milutinovic
Cognicom

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

"Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border (as are
all of the former USSR states, the Middle East, most of Asia and a large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

Yes have heard of Fail2ban and yes I run it already.

It also isn't Ukraine the person responsible for this Clive Rand
I believe is the one using this other IP block to do this.

I got a similar message from the free email account as the
one sent to me by Clive Rand.

They are in Hong Kong not the Ukraine tele0asia.net

Also if anyone else is interested in blocking tele-asia.net
here are at least some of their IP blocks.


Tele-asia.net

45.123.88.0/22
45.123.188.0/24
45.123.189.0/24
45.123.190.0/24
45.123.191.0/24
45.125.65.0/24
45.125.66.0/24
45.125.67.0/24
79.141.168.0/23
91.224.92.0/24
103.16.228.0/22
103.253.40.0/23
103.253.42.0/24
103.253.43.0/24
114.112.255.0/24
122.14.132.0/24
185.36.81.0/24
185.174.41.0/24
191.101.180.0/24
193.31.41.0/24
223.252.173.0/24


# Spaceship Networks
5.34.205.0/24

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday, 21 March 2022 11:07 -0600,
in article <t1abc8$3da$1@dont-email.me>,
Jamie Baillie <posttousenet@gmail.com> wrote:

On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

Jamie <posttousenet@gmail.com> wrote in message
news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border
(as are all of the former USSR states, the Middle East, most of
Asia and a large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

Yes have heard of Fail2ban and yes I run it already.

It also isn't Ukraine the person responsible for this Clive Rand I
believe is the one using this other IP block to do this.

I got a similar message from the free email account as the one sent
to me by Clive Rand.

They are in Hong Kong not the Ukraine tele0asia.net

# Spaceship Networks
5.34.205.0/24

$ db-ip.sh 5.34.205.54
{
"ipAddress": "5.34.205.54",
"continentCode": "EU",
"continentName": "Europe",
"countryCode": "UA",
"countryName": "Ukraine",
"stateProv": "Kyiv City",
"city": "Kyiv"
}


[omit the backslash escape on Linux]
$ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
e-mail: bitbucket@ripe.net
e-mail: bitbucket@ripe.net
% Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
notify: haghshenas@gmail.com
notify: majid.mashayekhi@gmail.com
e-mail: haghshenas@gmail.com
notify: ripe@rsane.com
e-mail: mashayekhi@rasane.com
e-mail: majid.mashayekhi@gmail.com
% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
e-mail: spaceshipnetworks@yandex.com
% Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
e-mail: spaceshipnetworks@yandex.com
e-mail: spaceshipnetworks@yandex.com

Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

One would hope that Jamie has learned to keep his "reports" neutral,
brief and to the point, rather than including a quagmire of copy and
paste text, such as the butt-load of crap which Bob graciously trimmed.

So far as Jamie being treated rudely in a belligerent manner, it sounds
as though Jamie's been Jamied.

- --
David Ritz <dritz@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYji/hgAKCRBSvCmZGhLe 6zsBAKDs3zqOnrS2eChAW0vQk5W4YdjJ4QCgu8QwkxXQPyMRnSIfo3usLB4sTRo=
=FV8Q
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 3/21/22 11:10, David Ritz wrote:

On Monday, 21 March 2022 11:07 -0600,
in article <t1abc8$3da$1@dont-email.me>,
Jamie Baillie <posttousenet@gmail.com> wrote:

On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

Jamie <posttousenet@gmail.com> wrote in message
news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border
(as are all of the former USSR states, the Middle East, most of
Asia and a large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

Yes have heard of Fail2ban and yes I run it already.

It also isn't Ukraine the person responsible for this Clive Rand I
believe is the one using this other IP block to do this.

I got a similar message from the free email account as the one sent
to me by Clive Rand.

They are in Hong Kong not the Ukraine tele0asia.net

# Spaceship Networks
5.34.205.0/24

$ db-ip.sh 5.34.205.54
{
"ipAddress": "5.34.205.54",
"continentCode": "EU",
"continentName": "Europe",
"countryCode": "UA",
"countryName": "Ukraine",
"stateProv": "Kyiv City",
"city": "Kyiv"
}

[omit the backslash escape on Linux]
$ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
e-mail: bitbucket@ripe.net
e-mail: bitbucket@ripe.net
% Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
notify: haghshenas@gmail.com
notify: majid.mashayekhi@gmail.com
e-mail: haghshenas@gmail.com
notify: ripe@rsane.com
e-mail: mashayekhi@rasane.com
e-mail: majid.mashayekhi@gmail.com
% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
e-mail: spaceshipnetworks@yandex.com
% Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
e-mail: spaceshipnetworks@yandex.com
e-mail: spaceshipnetworks@yandex.com

Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

One would hope that Jamie has learned to keep his "reports" neutral,
brief and to the point, rather than including a quagmire of copy and
paste text, such as the butt-load of crap which Bob graciously trimmed.

So far as Jamie being treated rudely in a belligerent manner, it sounds
as though Jamie's been Jamied.

+1

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Bob Milutinovic" <cognicom@gmail.com> wrote:

"Post To Usenet" <posttousenet@gmail.com> wrote in message news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border (as
are all of the former USSR states, the Middle East, most of Asia and a
large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

$ whois 5.34.205.54
inetnum: 5.34.205.0 - 5.34.205.255
org: ORG-SL1132-RIPE
netname: SpaceshipNetworks
country: UA
[…]

organisation: ORG-SL1132-RIPE
org-name: Spaceshipnetworks LTD
org-type: OTHER
address: Khreshhatik St., 14D, Kyiv (Kiev), UA
[…]

$ whois -h riswhois.ripe.net 5.34.205.54

route: 5.34.205.0/24
origin: AS15828
descr: WCD-AS Blue Diamond Network Co., Ltd., IR


--
A. Filip

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Post To Usenet <posttousenet@gmail.com> wrote:

On 2022-03-21 2:03 p.m., Andrzej Adam Filip wrote:

"Bob Milutinovic" <cognicom@gmail.com> wrote:

"Post To Usenet" <posttousenet@gmail.com> wrote in message
news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border (as
are all of the former USSR states, the Middle East, most of Asia and a
large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

$ whois 5.34.205.54
inetnum: 5.34.205.0 - 5.34.205.255
org: ORG-SL1132-RIPE
netname: SpaceshipNetworks
country: UA
[…]
organisation: ORG-SL1132-RIPE
org-name: Spaceshipnetworks LTD
org-type: OTHER
address: Khreshhatik St., 14D, Kyiv (Kiev), UA
[…]
$ whois -h riswhois.ripe.net 5.34.205.54
route: 5.34.205.0/24
origin: AS15828
descr: WCD-AS Blue Diamond Network Co., Ltd., IR

See my post above to David Ritz. I know what the record says
but I don't believe that information to be accurate or correct
please see my other post.

RISWOIS reports current routing *as reported by internet (BGP) routers*.
WHOIS "may" sometimes be outdated or inaccurate. In short: such
discrepancy between WHOIS and RISWHOIS is at very least "interesting".

AFAIR There has bas outbreak on spam source on spamcop top-200 from IP addresses formally assigned to CZ but routed via russian AS.

--
A. Filip

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-03-21 2:03 p.m., Andrzej Adam Filip wrote:

"Bob Milutinovic" <cognicom@gmail.com> wrote:

"Post To Usenet" <posttousenet@gmail.com> wrote in message
news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border (as
are all of the former USSR states, the Middle East, most of Asia and a
large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

$ whois 5.34.205.54
inetnum: 5.34.205.0 - 5.34.205.255
org: ORG-SL1132-RIPE
netname: SpaceshipNetworks
country: UA
[…]

organisation: ORG-SL1132-RIPE
org-name: Spaceshipnetworks LTD
org-type: OTHER
address: Khreshhatik St., 14D, Kyiv (Kiev), UA
[…]

$ whois -h riswhois.ripe.net 5.34.205.54

route: 5.34.205.0/24
origin: AS15828
descr: WCD-AS Blue Diamond Network Co., Ltd., IR

See my post above to David Ritz. I know what the record says
but I don't believe that information to be accurate or correct
please see my other post.

Thank you,

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-03-21 12:10 p.m., David Ritz wrote:

On Monday, 21 March 2022 11:07 -0600,
in article <t1abc8$3da$1@dont-email.me>,
Jamie Baillie <posttousenet@gmail.com> wrote:

On 2022-03-21 7:21 a.m., Bob Milutinovic wrote:

Jamie <posttousenet@gmail.com> wrote in message
news:t15gr5$5f5$1@dont-email.me...

<a lot of crap>

<snip>

Has anyone else seen anything coming from 5.34.205.54?

</snip>

Nope, nothing here. Ukraine is null-routed at the network border
(as are all of the former USSR states, the Middle East, most of
Asia and a large chunk of Africa).

Have you heard about rate limiting? Fail2Ban?

Yes have heard of Fail2ban and yes I run it already.

It also isn't Ukraine the person responsible for this Clive Rand I
believe is the one using this other IP block to do this.

I got a similar message from the free email account as the one sent
to me by Clive Rand.

They are in Hong Kong not the Ukraine tele0asia.net

# Spaceship Networks
5.34.205.0/24

$ db-ip.sh 5.34.205.54
{
"ipAddress": "5.34.205.54",
"continentCode": "EU",
"continentName": "Europe",
"countryCode": "UA",
"countryName": "Ukraine",
"stateProv": "Kyiv City",
"city": "Kyiv"
}

[omit the backslash escape on Linux]
$ whois -h whois.ripe.net -- -BL\ 5.34.205.54 | grep @
e-mail: bitbucket@ripe.net
e-mail: bitbucket@ripe.net
% Abuse contact for '5.34.192.0 - 5.34.207.255' is 'abuse@rasane.com'
notify: haghshenas@gmail.com
notify: majid.mashayekhi@gmail.com
e-mail: haghshenas@gmail.com
notify: ripe@rsane.com
e-mail: mashayekhi@rasane.com
e-mail: majid.mashayekhi@gmail.com
% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'
e-mail: spaceshipnetworks@yandex.com
% Abuse contact for '5.34.205.0 - 5.34.205.255' is 'spaceshipnetworks@yandex.com'
e-mail: spaceshipnetworks@yandex.com
e-mail: spaceshipnetworks@yandex.com

Rather than tilting against windmills in Hong Kong, perhaps contacting SpaceshipNetworks' hosting provider might prove more useful.

% Abuse contact for '5.34.204.0 - 5.34.207.255' is 'abuse@rasane.com'

One would hope that Jamie has learned to keep his "reports" neutral,
brief and to the point, rather than including a quagmire of copy and
paste text, such as the butt-load of crap which Bob graciously trimmed.

So far as Jamie being treated rudely in a belligerent manner, it sounds
as though Jamie's been Jamied.

Yes I know Mr. Ritz the information listed on the whois record but I
don't believe that information is accurate. I believe the information
to be inaccurate and is actually Clive Rand from tele-asia.net who is
using this IP block that I was reporting before to do these criminal activities. Also the fact that tele-asia.net has several spamhaus.org
records and the fact that the ports being tried on is the secure port
for my mail server and that is the only port being tried.

I believe that the same person who owns tele-asia.net is using this
IP block 5.34.205.0/24 and IP 5.34.205.54 to try and break into networks
and is providing false information on this whois record and is silently providing connectivity / peering to this IP block though tele-asia.net

That way tele-asia.net won't take any of the heat for this as it isn't
listed under then and uses a free email address on yandex.com and false
whois information on the rest of the record.

It wouldn't be the first time a spammer fakes a whois record.

Also when I emailed abuse@rsane.com I got this response from them
that they are not responsible for this block and point me back to
emailing spaceshipnetworks@yandex.com who is the actual abuser
themselves. Hiding behind false information.

It wouldn't be the first time a spammer has faked the whois information
and provided false information.

I got a very similar email from Clive Rand calling me "Karen" then
shortly after that one from the free yandex account calling me the same
thing I have reason to believe he is in control of that free yandex
account as well as running tele-asia.net and uses this IP block for any
illegal activity (5.34.205.0) so that it doesn't come back on
his company tele-asia.net.

I also emailed info@rasane.com which they have listed on their website
and it bounces back saying the mailbox is full.

Delivery has failed to these recipients or groups:

"info@rasane.com
Your message couldn't be delivered. When Office 365 tried to send the
message, the external email server returned the error below. This is
probably due to a problem or policy setting on the recipient's email system.

Diagnostic information for administrators:

Generating server: DM5PR0401MB3543.namprd04.prod.outlook.com

info@rasane.com
Remote Server returned '550 5.0.350 Remote server returned an error ->
550 Mailbox is full / Blocks limit exceeded / Inode limit exceeded'"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)