[mailop] Bogon? 81.70.92.213
Hi folks, in a trustworthy Received: line of a spam I found the source IP 81.70.92.213. Strangely, this IP is pingable, and traceroute finds a way, but neither the IP whois nor the BGP looking glass show to whom it belongs. Not being really knowledgeable about the global routing mechanisms, this somehow looks like a bogon to me. Did anyone else see IPs in that vicinity and has a better explanation? Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
On Sat, 19 Mar 2022 17:57:44 -0600, Geoff Mulligan via mailop wrote: >I have 3 different mail servers that are currently being inundated with >mail connections from: > >109.237.103.42 > >This appears to be from Russia - go figure. There were a bunch of relay attempts and AUTH LOGIN attempts before various rules here began to compete to see how long the IP would remain in the "no connections" bin. mdr ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Anyone here from emailsrvr.com? - Getting throttled from new IP range
On Sun, Mar 20, 2022 at 06:49:33PM +, Graeme Slogrove via mailop wrote: > Hi, > > If anyone from emailsrvr.com is on this list, please contact me. A new IP > range is being limited. That is Rackspace isn't it? -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Anyone here from emailsrvr.com? - Getting throttled from new IP range
Hi, If anyone from emailsrvr.com is on this list, please contact me. A new IP range is being limited. Thanks in advance. Graeme Email secured by Trustwave advanced threat protection. Learn more at https://trus.tw/mailmarshal This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
On 2022-03-19 at 19:57:44 UTC-0400 (Sat, 19 Mar 2022 17:57:44 -0600) Geoff Mulligan via mailop is rumored to have said: I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. FWIW, I'm seeing a lot from that /24 that looks like what I understand to be a new version of Cutwail, which has stopped sending "EHLO ylmf-pc" before the greeting banner and is now using randomly variable names ([[:alnum:]]{6,10}) but remains eminently droppable quite early. But where I can, I've been dropping all packets from the /22 for months. No collateral damage reported. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] large number of mail connections
Am 20.03.22 um 00:57 schrieb Geoff Mulligan via mailop: I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff HostGlobalPlus - I've blocked the whole 109.237.96.0/21 at the IP level and even as a "Received:" header matching rule, nothing good ever came from there. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] large number of mail connections
I have 3 different mail servers that are currently being inundated with mail connections from: 109.237.103.42 This appears to be from Russia - go figure. Geoff ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop