Re: 52.184.164.73 in my logs

2018-04-15 Thread daniel_1983 
Thanks for confirming this Sven. I took your advice and found out that 
according to fastcompany website, the app stores messages on third party 
servers and sends  password information back to microsoft (annotated source:
https://genius.it/14327807/www.fastcompany.com/3042238/microsofts-new-outlook-app-isnt-safe-for-government-email)

I spotted a couple other IP addresses that also belong to them and are used to 
access my users mailboxes (and possiblty passwords !)

http://www.ispinfo.net/isp/52.232.250.20.html 
http://www.ispinfo.net/isp/40.123.47.209.html

Daniel




​Sent with ProtonMail Secure Email.​

‐‐‐ Original Message ‐‐‐

On April 15, 2018 11:37 AM, Sven Hartge  wrote:

> daniel_1...@protonmail.com wrote:
> 
> > Could it be that the outlook app uses microsoft's servers to fetch the
> > 
> > mail before handing them to the user ?
> 
> Yes, this is the case. Have a little web search for "microsoft outlook
> 
> app security risk" to see the implications.
> 
> Grüße,
> 
> Sven.
> 
> 
> --
> 
> Sigmentation fault. Core dumped.

Re: 52.184.164.73 in my logs

2018-04-15 Thread Sven Hartge 
daniel_1...@protonmail.com wrote:

> Could it be that the outlook app uses microsoft's servers to fetch the
> mail before handing them to the user ? 

Yes, this is the case. Have a little web search for "microsoft outlook
app security risk" to see the implications.

Grüße,
Sven.


-- 
Sigmentation fault. Core dumped.

52.184.164.73 in my logs

2018-04-15 Thread daniel_1983 
Dear list,

One of my users is reading e-mail from his phone. When he logs in, this is what 
I see in my logs : 

Apr 10 16:17:58 auth-worker(17101): Debug: 
sql(x...@mydomain.tld,52.184.164.73): query: SELECT email as user, password 
FROM users WHERE email = LOWER('x...@mydomain.tld')
[...]
Apr 10 16:17:58 imap-login: Info: Login: user=, 
method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19286, TLS, 
session=



Both lines show a remote IP of 52.184.164.73, which is strange since all my 
users are, and connect from, Algeria. According to the ispinfo website 
(http://www.ispinfo.net/isp/52.184.164.73.html), this IP belongs to Microsoft.

Could it be that the outlook app uses microsoft's servers to fetch the mail 
before handing them to the user ? 

Daniel.