The following is a list in IP number order of blocks of IP numbers I have added to my firewalld rich rules set on mail.edgeinfotech.com, my personal email server running LINUX Fedora 25.
The primary reasons a drop rule is added are noted for each block of IPs in the list. Mainly IPs attempting to stream spam email, to relay through the server, or extended attempts at SASL login authorization are added or other extended scanning or breach attempts.
For certain nation states such as China and Russia and former Russian states, I immediately block the largest allocation associated with the offending IP number(s). I pretty much ignore what are obviously bots doing preliminary door knocking, where there are usually 10 – 20 attempts of a set of login IDs and attempts to login.
So, FWIW, here is the list accumulated since this new iteration of my server went online back in December, 2016, after being offline for six months.