On 2022-03-19 at 19:57:44 UTC-0400 (Sat, 19 Mar 2022 17:57:44 -0600)
Geoff Mulligan via mailop <ge...@proto6.com>
is rumored to have said:
> I have 3 different mail servers that are currently being inundated
> with mail connections from:
> 109.237.103.42
> This appears to be from Russia - go figure.

FWIW, I'm seeing a lot from that /24 that looks like what I understand
to be a new version of Cutwail, which has stopped sending "EHLO ylmf-pc"
before the greeting banner and is now using randomly variable names
([[:alnum:]]{6,10}) but remains eminently droppable quite early.
But where I can, I've been dropping all packets from the /22 for months.
No collateral damage reported.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
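
The two HELO-name patterns described in the reply above can be counted per /24 from mail logs. This is an added example, not code from the thread or its participants; it assumes Postfix postscreen `PREGREET` log lines (the thread names no MTA), and the sample lines, the `min_hits` threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed log source: Postfix postscreen, which logs PREGREET when a client
# sends a command before the server's greeting banner.
PREGREET = re.compile(
    r"PREGREET \d+ after [\d.]+ from \[(?P<ip>[0-9.]+)\]:\d+:? "
    r"(?:EHLO|HELO) (?P<name>\S+?)(?:\\r|\\n|$)", re.I)
OLD_NAME = "ylmf-pc"                            # older fixed HELO name
NEW_NAME = re.compile(r"^[A-Za-z0-9]{6,10}$")   # the thread's [[:alnum:]]{6,10}

# Constructed sample log lines using documentation address ranges.
SAMPLE = r"""
Mar 19 23:50:01 mx1 postfix/postscreen[811]: PREGREET 14 after 0.12 from [192.0.2.17]:40112: EHLO ylmf-pc\r\n
Mar 19 23:50:03 mx1 postfix/postscreen[811]: PREGREET 15 after 0.10 from [192.0.2.44]:51820: EHLO q7Xb2LmA\r\n
Mar 19 23:50:04 mx1 postfix/postscreen[811]: PREGREET 13 after 0.09 from [192.0.2.91]:33990: EHLO Zk41pQ\r\n
Mar 19 23:50:09 mx1 postfix/postscreen[811]: PREGREET 23 after 0.30 from [198.51.100.8]:25001: EHLO mail.example.net\r\n
Mar 19 23:50:12 mx1 postfix/postscreen[811]: CONNECT from [192.0.2.200]:41000 to [203.0.113.5]:25
""".strip().splitlines()

def classify(name):
    """Label a HELO name as the old fixed name, the new random form, or other."""
    if name.lower() == OLD_NAME:
        return "old"
    # A bare 6-10 character name is only a heuristic; it is counted here
    # solely because the line is also a pregreet event.
    return "new" if NEW_NAME.match(name) else "other"

def summarize(lines):
    """Count matching pregreet events per enclosing /24."""
    per_net = {}
    for line in lines:
        m = PREGREET.search(line)
        if not m or classify(m["name"]) == "other":
            continue
        net = ipaddress.ip_network(m["ip"] + "/24", strict=False)
        per_net.setdefault(str(net), Counter())[classify(m["name"])] += 1
    return per_net

def flagged(per_net, min_hits=3):
    """Networks with at least min_hits matching events (threshold is arbitrary)."""
    return sorted(n for n, c in per_net.items() if sum(c.values()) >= min_hits)

if __name__ == "__main__":
    print(flagged(summarize(SAMPLE)))
```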