Hi Team I was made aware that a Google IP is listed in one of the blacklists we operate.
Strangely this hinted that Google was attempting to send an email to an IP address which is running a spamtrap/honeypot and for sure is not used as MX. Normally this is only being hit by bots scanning for open relays or performing dictionary attacks and similar. So no whitelist is being checked on that honeypot. Received: from mail-ej1-f49.google.com ([209.85.218.49]:41776) from ******@******.ch Auth: by a Spamtrap on 157.161.57.6 25 pretending to be an open relay for *****@az-ambachgraben.ch; Wed, 10 Jun 2020 13:04:58 +0200 (CEST) az-ambachgraben.ch mail is handled by 10 rrmx.imp.ch. rrmx.imp.ch has address 157.161.12.4 rrmx.imp.ch has address 157.161.12.5 rrmx.imp.ch has address 157.161.12.6 rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:6 rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:4 rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:5 It is an IP Addresses in the same AS, but it looks like google just sent that email to a completely unrelated IP. Has anyone else seen this behaviour? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
