On 2024-02-13 22:57, Hans-Martin Mosner via mailop wrote:
We've been seeing runs of spam mails from Microsoft IP addresses without reverse DNS (possibly cloud servers).

One is sending with addresses <pharmacy@*>, starting on February 8.

The other (same or different spammer?) uses <ne-pas-repondre-*@*> and started just yesterday.

Have others seen these? Is there some way to identify the host IPs which are used by those cloud servers, so one could block incoming SMTP from them if Microsoft can't be bothered to block outgoing SMTP?

Cheers,
Hans-Martin


Hans, you should be blocking ANY connection attempts to port 25 with no PTR record; most of us have been safely doing this for many years.

And of course, can you confirm if this is possibly an attempt at SMTP AUTH?

We have been seeing a lot of that for the last two years.

Oh, and a sample IP would be helpful. DYK you can download a JSON file from Microsoft that covers all their IP space, and the purposes? Not 100% easy or accurate, but it gets you where you need to be.

(DO wish these "Too Big to Block" would SWIP their IP space more fractionally, or run their own 'rwhois' services with accurate details)


--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
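
Added example, not part of the thread or any poster's code: a sketch of how a receiving MTA hook could combine the no-PTR rule with the Microsoft JSON file mentioned above. It assumes that file is Azure's "Service Tags" download and uses its `values` / `properties` / `addressPrefixes` layout; the sample data, the function names and the verdict strings are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of Azure's "Service Tags" JSON download
# (assumed to be the file meant above). Prefixes are documentation ranges.
SAMPLE_JSON = """
{"cloud": "Public", "values": [
  {"name": "AzureCloud.westeurope",
   "properties": {"region": "westeurope", "systemService": "",
                  "addressPrefixes": ["192.0.2.0/25", "2001:db8:1::/48"]}},
  {"name": "AzureCloud",
   "properties": {"region": "", "systemService": "",
                  "addressPrefixes": ["192.0.2.0/24", "2001:db8:1::/48"]}},
  {"name": "Storage.westeurope",
   "properties": {"region": "westeurope", "systemService": "AzureStorage",
                  "addressPrefixes": ["198.51.100.0/28"]}}
]}
"""

def load_prefixes(text):
    """Return [(network, tag name, systemService)] for every listed prefix."""
    out = []
    for tag in json.loads(text).get("values", []):
        props = tag.get("properties", {})
        for prefix in props.get("addressPrefixes", []):
            net = ipaddress.ip_network(prefix, strict=False)
            out.append((net, tag["name"], props.get("systemService", "")))
    return out

def matching_tags(ip, prefixes):
    """Tags whose prefix contains ip, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    hits = [(n, name, svc) for n, name, svc in prefixes
            if n.version == addr.version and addr in n]
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return [(name, svc) for _, name, svc in hits]

def smtp_verdict(ip, ptr_name, prefixes):
    """Policy sketch: no PTR is rejected outright; the tags only add context."""
    tags = matching_tags(ip, prefixes)
    if not ptr_name:
        where = tags[0][0] if tags else "unlisted space"
        return "reject", f"no PTR for {ip} ({where})"
    return "accept", ""
```

The PTR result is passed in by the caller (the MTA has already done the lookup), so the block runs offline; the tag name in the reject reason is what makes the log line useful for spotting runs from one cloud region.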
