Maybe someone from Linode can comment on this..

Here is a typical spam outbreak from Linode..

Usually these are trapped/tagged because the default PTR is still in place, so doesn't cause enough problems to report, but they do happen occasionally in spurts.

Since several times it has been mentioned on the list that Linode blocks port 25 by default (I have no evidence to support those claims though)

.. it does make one question how these cases appear.

(Some headers removed for clarity)

Return-Path: <root@fit.clinic>
Received: from li1548-40.members.linode.com (HELO fit.clinic) (139.162.68.40)
Received: (qmail 23890 invoked by uid 2); 26 Nov 2021 17:25:01 -0000
Message-ID: <20211126172501.23889.qmail@fit.clinic>
From: contact.yoyogi@fit.clinic

(this was an interesting catfish lure in Japanese, returning a 503 now)

Now, either this was a compromised server, or someone stood up a Linode Instance for the sole purpose of phishing..

It would be interesting to hear how/why this was not blocked by default (port 25), how long the instance was up and running before it started its spam/phishing run, and was this a malicious customer, or a compromise.

Inquiring minds would like to know..

        -- Michael --

PS, this one..

Return-Path: <supp...@magento-693809-2292299.cloudwaysapps.com>
Received: from 66-228-37-15.ip.linodeusercontent.com (HELO 693809.cloudwaysapps.com) (66.228.37.15)
Received: by 693809.cloudwaysapps.com (Postfix, from userid 1004)

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
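
Added example, not part of the original message: a sketch of the "default PTR still in place" tagging the message mentions, run over the two Received lines quoted above plus one constructed control line. The suffix list is copied from those two samples, and treating those suffixes as the provider's default rDNS zones is an assumption, as are the reason names.

```python
import ipaddress
import re

# Trace line format as quoted in the message:
#   Received: from <PTR name> (HELO <helo>) (<ip>)
RECEIVED_RE = re.compile(
    r"^Received: from (?P<ptr>\S+) \(HELO (?P<helo>[^)\s]+)\) \((?P<ip>[0-9.]+)\)")

# Suffixes copied from the two samples in the message. Treating them as the
# provider's default rDNS zones is an assumption of this example.
DEFAULT_PTR_SUFFIXES = (".members.linode.com", ".ip.linodeusercontent.com")


def ip_embedded(ptr, ip):
    """True if the PTR name spells out the address (dashed or dotted, either order)."""
    octets = ip.split(".")
    return any(sep.join(seq) in ptr
               for sep in "-." for seq in (octets, octets[::-1]))


def classify(line):
    """Return parsed fields plus tagging reasons, or None if the line does not parse."""
    m = RECEIVED_RE.match(line.strip())
    if m is None:
        return None
    try:
        ip = str(ipaddress.IPv4Address(m["ip"]))
    except ValueError:
        return None
    ptr = m["ptr"].lower().rstrip(".")
    helo = m["helo"].lower().rstrip(".")
    reasons = []
    if ptr.endswith(DEFAULT_PTR_SUFFIXES):
        reasons.append("provider-default-ptr")
    if ip_embedded(ptr, ip):
        reasons.append("ip-in-ptr")
    if helo != ptr:
        reasons.append("helo-ptr-mismatch")
    return {"ptr": ptr, "helo": helo, "ip": ip, "reasons": reasons}


SAMPLES = [
    # First two lines are quoted from the message; the third is a constructed control.
    "Received: from li1548-40.members.linode.com (HELO fit.clinic) (139.162.68.40)",
    "Received: from 66-228-37-15.ip.linodeusercontent.com (HELO 693809.cloudwaysapps.com) (66.228.37.15)",
    "Received: from mail.example.org (HELO mail.example.org) (192.0.2.25)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

The older li-style name does not embed the full address, so the suffix check is what catches the first sample; the newer naming trips both the suffix and the address-in-name checks.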
