Re: [mailop] large number of mail connections
On Sat, 19 Mar 2022 17:57:44 -0600, Geoff Mulligan via mailop wrote: >I have 3 different mail servers that are currently being inundated with >mail connections from: > >109.237.103.42 > >This appears to be from Russia - go figure. There were a bunch of relay attempts and AUTH LOGIN attempts before various rules here began to compete to see how long the IP would remain in the "no connections" bin. mdr ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Anyone here from emailsrvr.com? - Getting throttled from new IP range
On Sun, Mar 20, 2022 at 06:49:33PM +, Graeme Slogrove via mailop wrote: > Hi, > > If anyone from emailsrvr.com is on this list, please contact me. A new IP > range is being limited. That is Rackspace isn't it? -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Anyone here from emailsrvr.com? - Getting throttled from new IP range
Hi, If anyone from emailsrvr.com is on this list, please contact me. A new IP range is being limited. Thanks in advance. Graeme Email secured by Trustwave advanced threat protection. Learn more at https://trus.tw/mailmarshal This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
On 2022-03-19 at 19:57:44 UTC-0400 (Sat, 19 Mar 2022 17:57:44 -0600)
Geoff Mulligan via mailop
is rumored to have said:
I have 3 different mail servers that are currently being inundated
with mail connections from:
109.237.103.42
This appears to be from Russia - go figure.
FWIW, I'm seeing a lot from that /24 that looks like what I understand
to be a new version of Cutwail, which has stopped sending "EHLO ylmf-pc"
before the greeting banner and is now using randomly variable names
([[:alnum:]]{6,10}) but remains eminently droppable quite early.
But where I can, I've been dropping all packets from the /22 for months.
No collateral damage reported.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
Am 20.03.22 um 00:57 schrieb Geoff Mulligan via mailop: I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff HostGlobalPlus - I've blocked the whole 109.237.96.0/21 at the IP level and even as a "Received:" header matching rule, nothing good ever came from there. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] large number of mail connections
I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
