Re: [mailop] large number of mail connections
On Sat, 19 Mar 2022 17:57:44 -0600, Geoff Mulligan via mailop wrote: >I have 3 different mail servers that are currently being inundated with >mail connections from: > >109.237.103.42 > >This appears to be from Russia - go figure. There were a bunch of relay attempts and AUTH LOGIN attempts before various rules here began to compete to see how long the IP would remain in the "no connections" bin. mdr ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
On 2022-03-19 at 19:57:44 UTC-0400 (Sat, 19 Mar 2022 17:57:44 -0600) Geoff Mulligan via mailop is rumored to have said: I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. FWIW, I'm seeing a lot from that /24 that looks like what I understand to be a new version of Cutwail, which has stopped sending "EHLO ylmf-pc" before the greeting banner and is now using randomly variable names ([[:alnum:]]{6,10}) but remains eminently droppable quite early. But where I can, I've been dropping all packets from the /22 for months. No collateral damage reported. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
Am 20.03.22 um 00:57 schrieb Geoff Mulligan via mailop: I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff HostGlobalPlus - I've blocked the whole 109.237.96.0/21 at the IP level and even as a "Received:" header matching rule, nothing good ever came from there. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] large number of mail connections
I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop