Into the OnionMail's federated network there are two exit/enter server that forward the email messages between tor network and the internet. These servers are: onionmail.info and onionmail.zapto.org The first is the mail exit server, the second is a server to do network testing and security check.
We was recived some scanning from 198.143.173.188 and other chinese and russian proxy form jaunary to yesterday. The exit node of OnionMail has a correlation between hidden services and ip address. To prevent real correlation we are implementing a new deamon NTU: Network Terminator Unit. (A proxy between tor, internet and vice versa).
Back to the point:
The NTU project could be update to hide the hidden services rotating the connections between tor relay servers. We can create another layer to protect the hidden services real ip address using a protol like ATM. (Connection ID, relative to hop and *not use ip address* with Virtual Circuit Multiplexing).
The server onionmail.zapto.org was over debugging and wireshark. We make available the logs if you need to lend a hand to understand what happened.