Having a few customers reporting a REAL strange case.. they are being
overwhelmed by what looks like backscatter, but a very broken backscatter.
All IPs in the 40.92.NNN.NNN block.
The backscatter message coming from postmas...@outlook.com as NDRs but
not a normal NDR. Being delivered to servers to domains with no A or MX
records..
And we are seeing these IPs now appearing on backscatter.org as well.
NOTE: There is NO body in the message, indicating a reason for the NDR..
.....
Headers below if it helps you..
Received: from mail-mw2nam10olkn2084.outbound.protection.outlook.com
([40.92.42.84]:38112 helo=NAM10-MW2-obe.outbound.protection.outlook.com)
by <REDACTED> with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
id 1qTpwd-004JSX-0J
for Jahnya@<REDACTED>;
Wed, 09 Aug 2023 23:38:15 +0300
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=XhJ+kYhzxcA3XGZUqeNDfFGChhg6RRkeyxghrj5N2hKNVspJZp/781RbYyYOrp8SdNVnJE8xcAtT7GMMftQMpuzw71YpcfxWAiZm/ED9JLAGctYa4pL5QXHfbnKdlZPYFWWvWKKfBeEJblJkRO0pr1sicHomGiu9cEWfWjAXBtFeL+j9xtEmMPNWkTQNdK2ZhurpDT5FkVjf5EmIvpggWYx5EzWxeu8QQmi4hPcjnFoZX7+9VqpAQuNo0vWFmLGG+LG0GNwVc6K72FyV1RWanqM9Wrmn6jJx39Zw3ys9+Zix2k4za1VuXCQCtQ3BiK4hfheAPadTjrz1vz3ftybqdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=/8Hlqr2Bkfq6i0TwJEPEzEnh2O5u2q/yfM7OsqSCGCQ=;
b=F9MM5U4+LLFaeZCE2N2k9Nf8u6Is8AMIG+M0km0xwWT8dO/Br1UtJtWDK9leiFKt4zTJwY0BgIrmWPbFLi5DJTn+6E/ujI4O6zQW7MSQOoVXHymPLO2gLjxWYAT4IGN8l9nXFPrJRJfz3UVYSA9x30mGIYZ511x6tKTQ22VMXsmV6BS8R0EJlVSuRVdlXLwNdFK9o7fUphomh++Sfz5u0QQOlHWQEBlVcYSnPXhLbtCgiC1Bwq/+QhHDNAB3gllgoI2+F33QkjdUbdPS+yA6IRJHLj2MUl6Gwp8qeEuY8EMHzaaB1DJYf5boQoDd78OfFdGby0gDw0qlnodEv9neVQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
MIME-Version: 1.0
From: <postmas...@outlook.com>
To: <Jahnya@<REDACTED>>
Date: Wed, 9 Aug 2023 18:34:51 +0000
Content-Type: multipart/report; report-type=delivery-status;
boundary="cd27c922-00cc-442b-a258-661846c23260"
X-MS-Exchange-Message-Is-Ndr:
Content-Language: en-US
Message-ID:
<a31d006c-e7b6-43b0-8cef-3e39e46ee...@mw4pr03mb6394.namprd03.prod.outlook.com>
In-Reply-To:
<sj2pr07mb9685abe0630efa5e5829ac06d7...@sj2pr07mb9685.namprd07.prod.outlook.com>
References:
<sj2pr07mb9685abe0630efa5e5829ac06d7...@sj2pr07mb9685.namprd07.prod.outlook.com>
Subject: Undeliverable: COUNTDOWN: Final Hours for Vital Upgrade and
Monumental Electricity Savings! geIBq
Auto-Submitted: auto-replied
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MW4PR03MB6394:EE_
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
qoiU3K41Ci+5WTB5cAYw7UBzXMmO04KwHRaCMwqBl7e9Sz7+iyonvAZPRoYDxbKPQ5XFhXI4ldG2jJt/NtjWberFBcH/Httg5cspC9M6GYyQLvQku4Qonj7ej+gVeLFl+LMw5n3Smqfqg8Pzmk/Akj3quj9SPiRsCbMZcP3p/Ybuoqjid5ZA/O3fgI48jxFzghlZR9SDrJRKn+gLmya2hIy3eS+9ArGfYVb7Nt86iYbikDjUqlGo/pheebwIWsIlnpRC9QcK3c0WJizEZUsirtPqzlegaBqz7ZhsPrLVmAxdqJd/Ag5jFhc7nbxr0PNuzoNJdvTcsdw+++B/7D19HxF+b/SdiTtIFg+9qmg+r+eL3mOflAnh9o3vHsijygejNVaA/qRIv2nCtPakOpx0mC0ooEKrvsyC1/GTXdQ7IQzg1BLf7hR/nH6f2rhhu5dnEEyNUr4ewPda02NYfmngtqDPQ7vG1QBQCmusXP4WHyz2f+AV3pwV0JWdrRezQK7e8HjCXfy81Ulbhl3I9+lC8PlxuqV3nCQQopHKlCbvF/cui9rOG02pzpyOz/+O74Kp/O8d8MXwj7KMOD8oMpdgKrWfDAiNHdmz+nOGGajkhCimq8BSAua7eueg8Qxk7ue8R9ds113RPqvCGKYzly9L0H1f54UrW30Tk4CkyQKf47s+7RJVrbFFB7Jv2WrKwxnY3RPlkfcQOdXGCs5u8SuQwPhkB18hHDlYd9pm4subA4/R1i21e0Wqx4pQdY8sGa/w
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
PYwOPBlt5Z1lxNc2cOsbgPB02t5rBb/VkDolnGBkVASJUUkke/pHd9cxJqs67Fl4vwHJI5BzzsO5s+PccTsWiivERCz/1+9gEvzOQXMdY3SyLSh+D9HTB+iKl+6XpYpKzCWS2ktiHbC2e3eGYpqF48XtTFE1Xcq1mjkUi+2DA138jVUAOE6075AEICO/coue
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Aug 2023 18:34:51.8668
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-AuthSource:
MW4PR03MB6394.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-Network-Message-Id:
478f709d-648c-44e3-de5d-08db990751c3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR03MB6394
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
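
A triage check for the traits reported in the message above, as an added example that is not part of the original post: it parses a received message and reports whether it arrived from the 40.92 range, is marked as an Exchange NDR, and claims to be a delivery-status report while carrying no delivery-status part. The /16 reading of "40.92.NNN.NNN", the signal names, the `mx.example.org` host and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: "40.92.NNN.NNN" in the post is read here as 40.92.0.0/16.
SUSPECT_NET = ipaddress.ip_network("40.92.0.0/16")

# Constructed sample modelled on the posted headers; recipient host is a
# placeholder and, as in the report, nothing follows the header block.
SAMPLE = b"""\
Received: from mail-mw2nam10olkn2084.outbound.protection.outlook.com
 ([40.92.42.84]:38112) by mx.example.org with esmtps;
 Wed, 09 Aug 2023 23:38:15 +0300
Content-Type: multipart/report; report-type=delivery-status;
 boundary="b1"
X-MS-Exchange-Message-Is-Ndr:
Auto-Submitted: auto-replied
Subject: Undeliverable: constructed subject

"""

def relay_ip(msg):
    """IP literal from the topmost Received header (the hop our MTA saw)."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(msg.get("Received", "")))
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def triage(raw):
    """Return which of the traits described in the post a message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    signals = set()
    ip = relay_ip(msg)
    if ip is not None and ip in SUSPECT_NET:
        signals.add("relay-in-40.92/16")
    if "X-MS-Exchange-Message-Is-Ndr" in msg:
        signals.add("ms-ndr-header")
    if str(msg.get("Auto-Submitted", "")).lower().startswith("auto-"):
        signals.add("auto-submitted")
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        # A well-formed DSN carries a message/delivery-status part (RFC 3464).
        parts = [p.get_content_type() for p in msg.walk()]
        if "message/delivery-status" not in parts:
            signals.add("dsn-without-status-part")
    return signals

if __name__ == "__main__":
    print(sorted(triage(SAMPLE)))
```
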