On 2021-09-09 8:25 p.m., Jarland Donnell via mailop wrote:
I'm not seeing any from 51.11.6.150 or any mention of egress.cloud in my
recent logs. I do seem to recall that at least at some point, right
after they purchased it from the original dev, the Outlook mobile app
did make the connections to the mail servers from their own IP space.
But I'd expect to have those ranges all throughout my logs.
On 2021-09-09 18:30, J Doe via mailop wrote:
Hi,
Has anyone encountered the following host connecting to their
submission service:
Sep 1 17:19:52 server postfix/smtpd[1158]: Anonymous TLS connection
established from trust.prod.hygiene.egress.cloud[51.11.6.150]:14208:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
A quick WHOIS shows it goes back to a Microsoft IP. I can't say for
certain, and it might be coincidental, but I seem to remember it
connecting roughly around the same time I setup up Outlook on Android
for a user.
Thanks,
- J
Hi Jarland,
Thanks for your feedback. Ok, at least at this point it appears to be
non-malicious, so I won't worry too much about it. Some IP reputation
sites had indicated a possibility of maliciousness, but I haven't seen
it attempt anything (not to mention that some reputation sites are
better than others).
- J
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
