>From our logs, we did an mx lookup for az-ambachgraben.ch and got mx.imp.ch. Just for an hour and a half that day, give or take.
¯\_(ツ)_/¯ No more detailed logs are available from that far back at this point. Brandon On Thu, Jun 18, 2020 at 11:34 PM Benoît Panizzon via mailop < mailop@mailop.org> wrote: > Hi Team > > I was made aware that a Google IP is listed in one of the blacklists we > operate. > > Strangely this hinted that Google was attempting to send an email to an > IP address which is running a spamtrap/honeypot and for sure is not > used as MX. > > Normally this is only being hit by bots scanning for open relays or > performing dictionary attacks and similar. So no whitelist is being > checked on that honeypot. > > Received: from mail-ej1-f49.google.com ([209.85.218.49]:41776) from > ******@******.ch Auth: by a Spamtrap on 157.161.57.6 25 > pretending to be an open relay for *****@az-ambachgraben.ch; Wed, 10 Jun > 2020 13:04:58 +0200 (CEST) > > az-ambachgraben.ch mail is handled by 10 rrmx.imp.ch. > > rrmx.imp.ch has address 157.161.12.4 > rrmx.imp.ch has address 157.161.12.5 > rrmx.imp.ch has address 157.161.12.6 > rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:6 > rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:4 > rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:5 > > It is an IP Addresses in the same AS, but it looks like google just sent > that email to a completely unrelated IP. > > Has anyone else seen this behaviour? > > -- > Mit freundlichen Grüssen > > -Benoît Panizzon- @ HomeOffice und normal erreichbar > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > <+41%2061%20826%2093%2000> > CH-4133 Pratteln Fax +41 61 826 93 01 > <+41%2061%20826%2093%2001> > Schweiz Web http://www.imp.ch > ______________________________________________________ > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
