More detailed digging further confirms the initial report: Lots of (millions per day) connections from Microsoft ip-space on our submission infrastructure, using TLS and successful authentications, sending an actual mail in about 1 of a 1.000 connections almost exclusively from 2603:1026::/32 using many different ip-addresses (+/- 1500 connections per address per day)
Lots of possible causes but it would be nice if somebody from Microsoft/Outlook could take a peek. -- Andre, soverin.net <http://soverin.net/> > On 14 Aug 2023, at 11:55, Andre Meij via mailop <mailop@mailop.org> wrote: > > Initial searches seem to show the same here, millions of connections from > this ip-range over the past few days and only a couple of thousand actual > auths/mails sent. > > -- > Andre, soverin.net <http://soverin.net/> > > >> On 14 Aug 2023, at 11:33, Dan Malm via mailop <mailop@mailop.org> wrote: >> >> On 2023-08-14 11:05, Jaroslaw Rafa via mailop wrote: >>> Dnia 14.08.2023 o godz. 10:42:53 Dan Malm via mailop pisze: >>> Do you have AUTH turned on on port 25? Why? >>> Or are they accessing the submission port? >> >> I don't think anything i wrote suggested this was relating port 25... >> They're connecting to port 465 to a system that is solely used for outbound >> mail. Inbound MX:es have different hostnames and IPs. >> >> -- >> BR/Mvh. Dan Malm, Systems Engineer, one.com >> >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://list.mailop.org/listinfo/mailop > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
