[mailop] Protection Outlook..

Mon, 14 Sep 2015 12:12:49 -0700

Monitoring from ISP's and Telco's has always shown a lot of leakage from the servers called.. 

mail-pu1apc01hn0200.outbound.protection.outlook.com

And over the last week, those numbers substantially increased..
However, while caught by our filtering systems, you have to look at some simple obvious issues..
(Maybe someone can explain how this traffic is relayed, and why it is so hard to stop at the source?) 

Return-Path: <>
^^^^ (We wrote a 'fake bounce' rule specifically for protection.outlook.com servers) Much of the spam shows up with no Return-Path, I am sure that can be prevented, no? 

Delivered-To: mich...@linuxmagic.com
Received: (qmail 29387 invoked from network); 14 Sep 2015 17:13:15 -0000
Received: from mail-pu1apc01hn0200.outbound.protection.outlook.com (HELO APC01-PU1-obe.outbound.protection.outlook.com) (104.47.126.200) 
        by be.cityemail.com with SMTP
        (e1fa336e-5b03-11e5-8599-5bc0ef165c91); Mon, 14 Sep 2015 10:13:15 -0700
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;

^^^^^ Could this be a clue? No Sender IP? No MailFrom?

Received: from [106.223.20.123] (106.223.20.123) by
 SG2PR0201MB0984.apcprd02.prod.outlook.com (10.162.202.155) with Microsoft
 SMTP Server (TLS) id 15.1.268.17; Mon, 14 Sep 2015 17:13:03 +0000
Content-Type: multipart/alternative; boundary="===============0365285247=="
MIME-Version: 1.0
Subject: I Have An Urgent Matter To Discuss With You
To: recipie...@wizard.ca
From: v...@wizard.ca, hol...@wizard.ca, k...@wizard.ca
^^^^ None of the above exist of course.. actually sent to different addresses 

Date: Mon, 14 Sep 2015 22:42:56 +0530
Reply-To: <verahollinkv...@gmail.com>

^^^^^ Isn't this suspicious?

X-Originating-IP: [106.223.20.123]
X-ClientProxiedBy: SIXPR04CA0018.apcprd04.prod.outlook.com (10.141.119.18) To 
 SG2PR0201MB0984.apcprd02.prod.outlook.com (25.162.202.155)
Message-ID: <sg2pr0201mb0984421673866d891ba3d4e8b8...@sg2pr0201mb0984.apcprd02.prod.outlook.com> X-Microsoft-Exchange-Diagnostics: 1;SG2PR0201MB0984;2:DpA0F2dJRZL6VQXFrQnkB3Z8/ReXskz4pVJY6BUpdjtWEz5zYsOID3dzCAHd/m7G2jqcj3HfWm4M+UP80M0tvmBFCupyYiXxT+XAcCOjMV7q6t5WpubiPtAE7A52cU56yeZkXTOELH4tI3QYE9uj3Zo7fOEwCQOnQz3x2VnVxYM=;3:CFlhH9x7XVpZ3er/tCHX0kQ0voUBhYQfhYZ39lCn879cgWFbKJUmTr2gDRRvg/t/olg7Mw21SmY7TLD/heQWhcRDL9uUFAMRE85v3BZ6tsY7BZshCze6XUh26fzi6vgNxsHLUZso1R6dwBWADvk0ng==;25:HPsyHIWTYwJAG7uHV7YuwGZSPzOzBLA8t3bAqixvK3Abhvo2KTZp5XJiDge4FucBQOtitr0Xb6add8rslohiM46lfcpq473QL1/IMDdbmlDVyyLYskdWxGrhCJld6Zwmxe+386AvZ0biRETlSDxRlbgxZlPtez3Nb9O4gVRBHdc/iI1/4WvKucH9csxdVnRKJc4LRhegEHJu9v5RQxXBAqNangbh6XC6CV16O98R309lbrtJnhbLpLZBxBFyTJAc3OZYjVCrpO+G+NcVbIRUTg==;4:7IT9ANK/iM8i2MpsuCqymG2VcV0PzYt8VynvZ1fSCktWHq8C3tryqOCf/5PpcKvDkPmHJ/nSegF9C1tM3IlcswzubBhC/H0BKjGO2jo06pgnydkyGSxDbnoIUTxlGHfo6erhlsnVZ+i1t3sbDZLs1WZknBlGXji6V5ZRePXIbxpUARpkA6YHl1ppu6wSUVD+xMZp0nmy7hRahB9wW2ODwiwKUkhZzkxZ7aHcs/bQmsS+GSQ4SxzwkS9HkZ51tHRWLgaQnNu/+anaNssebSzpA8YUvZJR/3J+J7K5zIuT7b5HuamuHj3L13SACVmpV6hh 
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SG2PR0201MB0984;
X-Microsoft-Antispam-PRVS: <sg2pr0201mb0984a5ae9c301198ec8fdda4b8...@sg2pr0201mb0984.apcprd02.prod.outlook.com> 
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(5005006)(8121501046)(3002001);SRVR:SG2PR0201MB0984;BCL:0;PCL:0;RULEID:;SRVR:SG2PR0201MB0984; 
X-Forefront-PRVS: 0699FCD394
X-Forefront-Antispam-Report: SFV:SPM;SFS:(10019020)(6009001)(6049001)(189002)(199003)(250100001)(40100003)(43066003)(189998001)(107886002)(84326002)(122386002)(33656002)(77156002)(62966003)(74316001)(325944007)(218543002)(5000100001)(46102003)(19580405001)(64706001)(19580395003)(53806999)(78352002)(42382002)(110136002)(66066001)(4001450100002)(5001860100001)(5001960100002)(101416001)(46552002)(76576001)(5005630100001)(5007970100001)(81956001)(50986999)(54356999)(512934002)(87976001)(5004730100002)(5001830100001)(106356001)(109986003)(105586002)(81156007)(4001600100001)(4001540100001)(97736004)(229853001)(68736005)(42186005)(77096005)(555904002)(83656004);DIR:OUT;SFP:1501;SCL:5;SRVR:SG2PR0201MB0984;H:[106.223.20.123];FPR:;SPF:None;PTR:InfoNoRecords;MX:0;A:0;LANG:en; 
Received-SPF: None (protection.outlook.com: [106.223.20.123] does not
 designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;SG2PR0201MB0984;23:GTAm4JueC/hCGwJ+QjOszt7FQ0fAfNqkU0FZHXF?= 

=?us-ascii?Q?Wm8mHoAb67+T48mkbN/hdVQQnEquCmYWTM0oBIBivIlqDDmNBrc0t2Au2zel?=

=?us-ascii?Q?VWBeiGuku3GJVD9e7codvzanVV1rB+bLjCDnLuKrrKivk3iN8xYJC25RoFD+?=

=?us-ascii?Q?FxUCn7HvCbTFwLD+ChZCJpb2MdMXgg/E5KG99tnV6ImHt7VTonGjIWMt+CLy?=

=?us-ascii?Q?datmv0f/2MJ1h/WCNpElwPKv3zyQ4bRAzHyJ281S4dZbMff+J2z7+pVMsoEG?=

=?us-ascii?Q?yKYbBT0QZImzIITWDdWcu08nvdheWI+2TpFSJGqNCIGW1CFxkHCyJUwYgMq4?=

=?us-ascii?Q?YIxe9xQ+BQVE5ysDZ+yHZX0UDnJVBHDTvT4tqxxAZb54pY2BXWW2EgS6mD6L?=

=?us-ascii?Q?2iLXrWQbCy/ZuU7HZy7vG16irbzzzc9vJgnt8frFnH4DDQcouhffLX/rFVYi?=

=?us-ascii?Q?7QHUYpS6a6TZwpE2vGVL4g67r+/WEq67oxsFdDnnSYJmDz1/8ZnJ6SZUn9q2?=

=?us-ascii?Q?F7yk5B87VOOKS8lPf/XtcA3PLZQjztofSWRFmuqmWCLMN5Iaf81PmwLP6brJ?=

=?us-ascii?Q?DeKCzVqg1rScMvKQXwN/2mc53Zow6aBaOF6ALwcXWWmHZslUJSJYM+ZuL+v2?=

=?us-ascii?Q?GbTXuFLScarxzAPRg4YdsfDBxZsdeZ/1UsoByRS1Vrl9YESoXsWtC5bKU12y?=

=?us-ascii?Q?pQEh0Ymt2/ik28UkBvqhJKYG1hlRjQr6xwNBN5ddaLPFwKK4UqlQ1s70n+n1?=

=?us-ascii?Q?U63Rrl8jeBsP2lNR/P93Vcw8oLYg/jDY45AU9H6MDcObqtsTVMScgjbhbfoV?=

=?us-ascii?Q?IoLHSbe2cvXWzc1JQc8xt/sKp8AzLNCIzQxwM1K9htgyPzO0ju12zU9aiCSk?=

=?us-ascii?Q?aGEQfff7vvXOLX/EeqGYgIKNa1lHml0COB2xl1TzqaZlgOCpmkHBAWC1E2Ry?=

=?us-ascii?Q?WMAhOBTrYuFlUAcn3M4y4OizP7pWznDYAej8f/rjr2NRR1NOhxKHHJDo/CHQ?=

=?us-ascii?Q?qU6zk2YzSU+Lh6gWXRNXFOPV9gNGXy5QJemNpJXI2VeGeXC/TwdARc1pPy4T?=

=?us-ascii?Q?lmSSe6IRdrpaHnsvGox1BziztCrMkSYdLN6B0JlG4yDbCLEmj+iptP+FkffX?=

=?us-ascii?Q?CJv54GuReCijN0k2oaH8yh2kzlZrDOaw50f4qxVtOxAXdaXcllHHHfkDALXI?=

=?us-ascii?Q?kJ22xUJLrPSFTlxD+mUAm0ra2IwcwC17oWEq0DjpWjQ8XLI25eVW6CFrCPhr?=

=?us-ascii?Q?0h38s67T0lwG8Ahh8WdYVyYBUWezxnExVlpPm5FQoEVvl+0p1MOUHGEKdwR+?=

=?us-ascii?Q?1l9YptcqEiMG5r/m9c7kyFJq9TsICXzlrqYILmLhJXXv4r+fxbgBuYzERufT?=

=?us-ascii?Q?GH4H0zwGHACgOm5BA3lalnM3m/zO7zDAYCXypaqOhoYRbROS3PYFul/wN/2X?=
 =?us-ascii?Q?HTnCx1tz8RTDPuX00O1Tk56vI5L+3ZRG++UL4S/fr+WWJMVpADzud?=
X-Microsoft-Exchange-Diagnostics: 1;SG2PR0201MB0984;5:DHi8uT3YBEcGROVuXJ7P9GFDJsyTcFU4F6oLcwN0/ilAGohUHpfrBkwMR/UoPewFCtdfLHAHIQ9KNukRNUWdfYVOR3ka94Y7k8DTEdCfohNJLoXGrg6z0aU7bUhL9oyhXmYoDixezX4KH1XC3vVzng==;24:755GO1iO7adsfrNtXH6lzUvnDcjqOByfKk0LiQOYfHeOMismf/8+tYjLKismfGN8V1+2YVgyqdfch8qjUguj5Q==;20:4D5SyT885auknO+N2+2RR/7T6xYeo3pXvx3tFfyREYtNdU/ojKbDUrOMQH9NpQi0qRn3+kdmXy/lWOAAXN8Wag== 
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: 00000000%2D0000%2D0000%2D0000%2D000000000000
X-OriginatorOrg: davidmiss.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2015 17:13:03.5185
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR0201MB0984



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"MagicSpam" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. 




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Reply via email to