We are working on the Azure issue. Ran into a few hiccups on the way. But the issue is being worked.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Tuesday, August 30, 2016 3:23 PM
To: mailop@mailop.org
Subject: Re: [mailop] How many more RBL's do we really need?

On 16-08-30 12:43 PM, Michael Wise via mailop wrote:
> We could use one to call out the location of colo servers that should never
> be connecting on port 443, for instance.

Um, I can think of a reason why that might not be perfect.. For instance cloud services which monitor your email box for you..

But we get what you mean, having just helped a client that was undergoing a 'dictionary attack' from one.. (Was actually trying POP/IMAP/POPSSL/IMAPSSL) Shoutout to VolumeDrive. <sic>

And of course, most people already have a 'local' way of blacklisting them, methods similar to fail2ban etc..

However, it is funny you mention this.. launching a new DNSBL data collection method just for these types of 'hack' sources.. But not sure if DNSBL is the way to use this data..

And the moment we do, of course they just move back to BOTs on DYNA.. and of course you can't block access to 443 from the dynamic IP Address space, because that is where the legitimate users of 443 are..

Which is why we are pushing for changes to the protocols themselves..

Pushing for demanding better public listing of the operators of colo servers (rwhois/SWIP) ..

But, sometimes.. (and back to Michelle and the early days of SORBS) sometimes, aggressive DNSBL listings do force REAL change among operators, to actually do something about their business models of allowing that type of activity on their networks..

But given the recent spikes in activity of 'cloud' providers ..

(eg, you might like to block anything from www-data@ that comes from cloudapp.net, especially if it was generated from a PHP Script)

Return-Path: <www-d...@mail.live.com>
Received: from weifuh-ff12.cloudapp.net (HELO mail.live.com) (40.74.120.249)
Received: by mail.live.com (Postfix, from userid 33)
Subject: Nota Fiscal Eletrônica Nacional de serie/número [2/709460] - [ 935453087 ]
X-PHP-Originating-Script: 0:d3jcfdmypm7hett.php

.. you can expect that another round of controversy surrounding reputation providers is coming nigh.. there is more and more talk around making the providers responsible for activity on their networks.. in that vein, DNSBL's are the least of their worries.

The Digital Ocean's and Amazon's might have started this new opportunity for spammers and hackers (eg anonymous clouds) but now everyone is building one.. $1 VPS's.. anonymous clouds..

Not surprising everyone is building a DNSBL ;)

PS, while we might thank Microsoft for making the information on AZURE space available, maybe Microsoft could do a couple of things..

* Make the information available in a DNSBL format
* SWIP the space as being used for AZURE

NetRange: 40.74.0.0 - 40.125.127.255
CIDR: 40.125.0.0/17, 40.74.0.0/15, 40.76.0.0/14, 40.124.0.0/16, 40.120.0.0/14, 40.112.0.0/13, 40.80.0.0/12, 40.96.0.0/12

Even better..

* Block traffic to Port 25 et al on Egress from the space (they can use Port 587 Submissions and relays)

Oh, yeah.. but you mentioned they were attacking Port 443 ;) Umm... we could do that from a script on Azure I assume as well.

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
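
The header traits pointed out in the quoted message (www-data sender, cloudapp.net relay, PHP-generated) can be checked mechanically. The following is an added example, not code from either poster: the function names, the quarantine policy and the sample's envelope sender are assumptions, while the CIDR list, relay host and relay IP are the ones quoted in the message.

```python
import email
import ipaddress
import re

# CIDR blocks copied from the whois output quoted in the message above.
AZURE_NETS = [ipaddress.ip_network(c) for c in (
    "40.125.0.0/17", "40.74.0.0/15", "40.76.0.0/14", "40.124.0.0/16",
    "40.120.0.0/14", "40.112.0.0/13", "40.80.0.0/12", "40.96.0.0/12")]
# Format of the relay line in the message: "from <rdns> (HELO <helo>) (<ip>)".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(HELO\s+\S+\)\s+\((\d+\.\d+\.\d+\.\d+)\)")

# Constructed sample: the envelope sender and subject are placeholders.
SAMPLE = """\
Return-Path: <www-data@sender.example>
Received: from weifuh-ff12.cloudapp.net (HELO mail.live.com) (40.74.120.249)
Received: by mail.live.com (Postfix, from userid 33)
X-PHP-Originating-Script: 0:d3jcfdmypm7hett.php
Subject: constructed test message

"""

def cloud_php_signals(raw):
    """Return the set of traits named in the message that `raw` exhibits."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received", [])
    hits = set()
    # Only the top-most Received line is written by the receiving MTA;
    # every header below it is supplied by the sender and can be forged.
    m = RECEIVED_RE.search(received[0]) if received else None
    if m:
        if m.group(1).lower().endswith(".cloudapp.net"):
            hits.add("rdns_cloudapp")
        if any(ipaddress.ip_address(m.group(2)) in net for net in AZURE_NETS):
            hits.add("ip_in_listed_range")
    # uid 33 is www-data on Debian/Ubuntu: mail injected by the web server.
    if any("(Postfix, from userid 33)" in r for r in received):
        hits.add("submitted_by_www_data")
    if msg.get("Return-Path", "").lower().startswith("<www-data@"):
        hits.add("sender_www_data")
    if msg.get("X-PHP-Originating-Script"):
        hits.add("php_script")
    return hits

def should_quarantine(raw):
    """Assumed policy: cloud origin AND at least one web-server/PHP trait."""
    hits = cloud_php_signals(raw)
    cloud = hits & {"rdns_cloudapp", "ip_in_listed_range"}
    web = hits & {"sender_www_data", "submitted_by_www_data", "php_script"}
    return bool(cloud and web)
```

The web-server and PHP traits come from sender-supplied headers, so their absence proves nothing; only the relay IP and reverse DNS recorded by the receiving server are trustworthy.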