Allowed to relay? Otherwise of course, my comment stands.. the ones that
go MX-Direct are usually blocked, but if they relay through the web.de,
per user rate limiters should kick in before it gets to this notable volume.
Everyone IS using per user AUTH rate limiters correct? <wink>
No one is still allowing relay without authentication correct? <wink>
On 2021-08-26 2:37 p.m., Chris via mailop wrote:
Someone inside web.de land got infected with a variant of Gamut spewing
bitcoin extortion scams, and for one reason or other, they routed thru
web.de's mail servers INSTEAD of going MX-direct (perhaps a port 25
redirector).
The raw emails have all the fingerprints of gamut, except that it went
through a "real" (FSVO real) mail server before hitting your MX.
The volumes of gamut generally doing this shit are way up in the past
day or three, but most of that is getting nuked by the XBL or something
similar.
On 2021-08-26 4:46 p.m., Jarland Donnell via mailop wrote:
I've been seeing a trend from there the last few days as well. More
were filtered successfully than not, but the ones that slipped through
all looked similar:
https://paste.mxrouteapps.com/?0b5071a4b2cb089d#HYSAYYMSheQbYiXCZHMfjaVoqRM7naZiXKPkAK2UHju6
On 2021-08-26 14:36, Michael Peddemors via mailop wrote:
82.165.159.12 x5 mout-xforward.gmx.net
82.165.159.13 x7 mout-xforward.gmx.net
82.165.159.14 x5 mout-xforward..gmx.net
82.165.159.2 x66 mout-xforward.web.de
82.165.159.3 x62 mout-xforward.web.de
82.165.159.34 x68 mout-xforward.web.de
82.165.159.35 x56 mout-xforward.web.de
82.165.159.4 x71 mout-xforward.web.de
82.165.159.40 x36 mout-xforward.gmx.net
82.165.159.41 x28 mout-xforward.gmx.net
82.165.159.42 x42 mout-xforward.gmx.net
82.165.159.45 x68 mout-xforward.web.de
Aug 26 12:00:16 be msd[12550]: EHLO command received after STARTTLS,
args: mout-xforward.gmx.net
Aug 26 12:00:16 be msd[12550]: MAIL command received, args:
FROM:<hamwillig4...@gmx.at> SIZE=3714
Aug 26 11:28:59 be msd[29389]: EHLO command received after STARTTLS,
args: mout-xforward.gmx.net
Aug 26 11:29:00 be msd[29389]: MAIL command received, args:
FROM:<paramitaindr...@gmx.ch> SIZE=3719
Did someone's rate limiters fail?
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"MagicSpam" is a Registered TradeMark of Wizard Tower TechnoServices
Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and
intended
solely for the use of the individual or entity to which they are
addressed.
Please note that any views or opinions presented in this email are
solely
those of the author and are not intended to represent those of the
company.
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and
intended
solely for the use of the individual or entity to which they are
addressed.
Please note that any views or opinions presented in this email are
solely
those of the author and are not intended to represent those of the
company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
