Cloudways most likely has their SMTP block disabled by default. Cloudways deploys managed WordPress VPS on various cloud providers, Linode being one. Of course, their managed isn't like a fully shared managed platform where everything is tightly controlled, so WordPress compromises are just as likely as on unmanaged servers.

On 2021-11-26 13:01, Michael Peddemors via mailop wrote:
Maybe someone from Linode can comment on this..

Here is a typical spam outbreak from Linode..

Usually these are trapped/tagged because the default PTR is still in
place, so doesn't cause enough problems to report, but they do happen
occasionally in spurts.

Since several times it has been mentioned on the list that Linode
blocks port 25 by default (I have no evidence to support those claims
though)

.. it does make one question how these cases appear.

(Some headers removed for clarity)

Return-Path: <root@fit.clinic>
Received: from li1548-40.members.linode.com (HELO fit.clinic) (139.162.68.40)
Received: (qmail 23890 invoked by uid 2); 26 Nov 2021 17:25:01 -0000
Message-ID: <20211126172501.23889.qmail@fit.clinic>
From: contact.yoyogi@fit.clinic

(this was an interesting catfish lure in Japanese, returning a 503 now)

Now, either this was a compromised server, or someone stood up a
Linode Instance for the sole purpose of phishing..

It would be interesting to hear how/why this was not blocked by
default (port 25), how long the instance was up and running before it
started its spam/phishing run, and was this a malicious customer, or a
compromise.

Inquiring minds would like to know..

        -- Michael --

PS, this one..

Return-Path: <supp...@magento-693809-2292299.cloudwaysapps.com>
Received: from 66-228-37-15.ip.linodeusercontent.com (HELO
693809.cloudwaysapps.com) (66.228.37.15)
Received: by 693809.cloudwaysapps.com (Postfix, from userid 1004)







--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
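
Added example (not part of the original thread, and not code from any list member): a sketch of the check the quoted message alludes to, tagging mail whose connecting host still carries a provider-default PTR while the HELO names some other domain. The two PTR patterns are assumptions generalized from the two hostnames quoted above, the third sample line is constructed, and `classify` and `unfold` are hypothetical helper names.

```python
import re

# Constructed sample: the two "Received: from" lines quoted in the thread
# (the second one folded), plus one made-up host with a matching PTR/HELO.
SAMPLE_HEADERS = """\
Received: from li1548-40.members.linode.com (HELO fit.clinic) (139.162.68.40)
Received: from 66-228-37-15.ip.linodeusercontent.com (HELO
 693809.cloudwaysapps.com) (66.228.37.15)
Received: from mail.example.org (HELO mail.example.org) (192.0.2.25)
"""

# Assumed default-PTR patterns, generalized from the hostnames in the thread.
DEFAULT_PTR = [
    re.compile(r"^li\d+-\d+\.members\.linode\.com$", re.I),
    re.compile(r"^(\d+)-(\d+)-(\d+)-(\d+)\.ip\.linodeusercontent\.com$", re.I),
]

# qmail-style trace line as quoted above: rDNS name, HELO argument, peer IP.
RECEIVED = re.compile(
    r"^Received: from (?P<ptr>\S+) \(HELO (?P<helo>\S+)\) \((?P<ip>[\d.]+)\)",
    re.M,
)

def unfold(raw):
    """Join folded header lines (continuation lines start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def classify(raw_headers):
    """Return one finding per parsable 'Received: from' line."""
    findings = []
    for m in RECEIVED.finditer(unfold(raw_headers)):
        ptr, helo, ip = m.group("ptr"), m.group("helo"), m.group("ip")
        hit = next((p.match(ptr) for p in DEFAULT_PTR if p.match(ptr)), None)
        findings.append({
            "ip": ip,
            "ptr": ptr,
            "helo": helo,
            # rDNS is still the provider's generic name
            "default_ptr": hit is not None,
            # HELO claims a different name than the rDNS shows
            "helo_mismatch": helo.lower() != ptr.lower(),
            # for the IP-embedding form, the PTR should encode the peer IP
            "ptr_encodes_ip": bool(
                hit and hit.groups() and ".".join(hit.groups()) == ip),
        })
    return findings

if __name__ == "__main__":
    for f in classify(SAMPLE_HEADERS):
        print(f)
```

A default PTR combined with a mismatched HELO is a tagging signal, not proof of abuse; it cannot tell a compromised instance from one stood up to send spam.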