On 18.06.2024 at 19:45 . Mark Stone via mailop wrote: > FWIW, we use Fail2Ban to block all AWS EC2 IPs that have an > "ec2-xxx.compute...amazonaws.com" PTR record, and another Fail2Ban rule to > block hosts that HELO with "127.0.0.1".
That's a good idea, except when you have to deal with companies like Everbridge Inc or Tencent QQ, which apparently think it's a good idea to rent VMs at various cloud providers and run them with their default config. ----- Original Message ----- | From: "Michael Peddemors via mailop" <mailop@mailop.org> | To: "mailop" <mailop@mailop.org> | Sent: Tuesday, June 18, 2024 1:12:18 PM | Subject: [mailop] Another 'Verified Email' service on AWS EC2 | Jun 18 09:58:03 be msd[1959712]: CONN: 34.229.185.73 -> 25 GeoIP = | [US] PTR = ec2-34-229-185-73.compute-1.amazonaws.com OS = Linux | 2.2.x-3.x Jun 18 09:58:04 be msd[1959712]: HELO command received, | args: [127.0.0.1] Jun 18 09:58:04 be msd[1959712]: RSET command received, args: | Jun 18 09:58:04 be msd[1959712]: MAIL command received, args: | FROM:<verify-no-re...@thrust.io> | | * No custom PTR record | * HELO is obviously bad.. | | Love the link on their website, trusted by professionals at Amazon, | Cisco, Adobe.. | | Fortunately our spam auditing team's DRE (Dynamic Rule Engine) and DFS | (Distributed Feedback Systems) find these IPs, so they can be shared | with the community at large.. Of course, our systems don't actually | let those systems do any email scraping or verification .. | | Just another trend on Amazon's EC2 that is getting really old really fast. Thanks, blocked. -- BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
