On 19 March 2024 15:33:10 CET, Bill Cole
<sausers-20150...@billmail.scconsult.com> wrote:
>On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500)
>Thomas Cameron <thomas.came...@camerontech.com>
>is rumored to have said:
>
>> Does anyone else just block all traffic from *.onmicrosoft.com?
>
>Yes. No collateral damage noticed. That includes a system that has
>administrative and alerting role accounts which handle email alerts from Azure
>and MS365.
>
Disposition-Notifications are sent by onmicrosoft.domain.tld domain afaik.
Giovanni
>> I have literally NEVER gotten anything from that domain which is not obvious
>> junk.
>>
>> I set up postfix to just flat out refuse anything from that domain.[1] If I
>> get any complaints, I may ease it up, but I was getting TONS of spam
>> messages from that domain and I figured it was easiest to just block it.
>>
>> --
>> Thomas
>>
>> [1]
>>
>> [root@east ~]# grep onmicrosoft /etc/postfix/sender_access
>> /@*.onmicrosoft\.com/ REJECT
>>
>> [root@east ~]# grep sender_access /etc/postfix/main.cf
>> check_sender_access regexp:/etc/postfix/sender_access
>>
>> On 3/18/24 21:13, Jimmy wrote:
>>>
>>> It's possible that certain email accounts utilizing email services with
>>> easily guessable passwords were compromised, leading to abuse of the
>>> .onmicrosoft.com subdomain for sending spam via email.
>>>
>>> I've observed an increase in the blocking of IPs belonging to Microsoft
>>> Corporation by the SpamCop blacklist since November 2023, with a notable
>>> spike in activity during February and March 2024.
>>>
>>> Jimmy
>>>
>>>
>>> On Tue, Mar 19, 2024 at 12:10 AM Jared Hall via users
>>> <users@spamassassin.apache.org> wrote:
>>>
>>> I've several customers whose accounts were used to send spam as a result
>>> of Microsoft's infrastructure breach.
>>>
>>> Curiously, NOBODY has received any breach notifications from Microsoft,
>>> despite personal information being compromised.
>>>
>>> What has anyone else experienced?
>>>
>>> Thanks,
>>>
>>> -- Jared Hall
>>>
>
>
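
The following is an added example, not part of any message in this thread: it checks which envelope senders the `sender_access` pattern quoted above would reject, next to a tighter anchored pattern. Assumptions: Python's `re` with `IGNORECASE` stands in for Postfix regexp-table matching (unanchored and case-insensitive by default), the `ANCHORED` pattern is a suggestion that nobody in the thread posted, and all sample addresses are constructed.

```python
import re

# Pattern as posted in the thread (/etc/postfix/sender_access).
POSTED = r"@*.onmicrosoft\.com"
# Tighter alternative (assumption, not from the thread): the domain part must be
# onmicrosoft.com or a subdomain of it, and the address must end there.
# In a Postfix regexp table: /@([^@]+\.)?onmicrosoft\.com$/ REJECT
ANCHORED = r"@([^@]+\.)?onmicrosoft\.com$"

# Constructed sample envelope senders: (address, really under onmicrosoft.com?)
SAMPLES = [
    ("alerts@contoso.onmicrosoft.com", True),
    ("User@Tenant.OnMicrosoft.COM", True),
    ("bob@onmicrosoft.com", True),
    ("newsletter@onmicrosoft.com.example.net", False),
    ("info@notonmicrosoft.com", False),
    ("x.onmicrosoft.com@example.org", False),
]


def rejects(pattern, sender):
    """True if the pattern matches anywhere in the full sender address."""
    return re.search(pattern, sender, re.IGNORECASE) is not None


def false_rejects(pattern):
    """Senders outside onmicrosoft.com that the pattern would still reject."""
    return [addr for addr, real in SAMPLES if not real and rejects(pattern, addr)]


def missed(pattern):
    """Senders under onmicrosoft.com that the pattern would let through."""
    return [addr for addr, real in SAMPLES if real and not rejects(pattern, addr)]


if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("anchored", ANCHORED)):
        print(f"{name:9} false rejects: {false_rejects(pat)}  missed: {missed(pat)}")
```

Before reloading Postfix, the same check can be run against the live table with `postmap -q "sender@example.org" regexp:/etc/postfix/sender_access`.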