Re: [mailop] large number of mail connections

2022-03-20 Thread Michael Rathbun via mailop
On Sat, 19 Mar 2022 17:57:44 -0600, Geoff Mulligan via mailop wrote:

>I have 3 different mail servers that are currently being inundated with 
>mail connections from:
>
>109.237.103.42
>
>This appears to be from Russia - go figure.

There were a bunch of relay attempts and AUTH LOGIN attempts before various
rules here began to compete to see how long the IP would remain in the "no
connections" bin.

mdr

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] large number of mail connections

2022-03-20 Thread Bill Cole via mailop

On 2022-03-19 at 19:57:44 UTC-0400 (Sat, 19 Mar 2022 17:57:44 -0600)
Geoff Mulligan via mailop 
is rumored to have said:

>I have 3 different mail servers that are currently being inundated
>with mail connections from:
>
>109.237.103.42
>
>This appears to be from Russia - go figure.


FWIW, I'm seeing a lot from that /24 that looks like what I understand 
to be a new version of Cutwail, which has stopped sending "EHLO ylmf-pc" 
before the greeting banner and is now using randomly variable names 
([[:alnum:]]{6,10}) but remains eminently droppable quite early.


But where I can, I've been dropping all packets from the /22 for months. 
No collateral damage reported.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] large number of mail connections

2022-03-20 Thread Hans-Martin Mosner via mailop

On 20.03.22 at 00:57, Geoff Mulligan via mailop wrote:

>I have 3 different mail servers that are currently being inundated with mail
>connections from:
>
>109.237.103.42
>
>This appears to be from Russia - go figure.
>
>Geoff


HostGlobalPlus - I've blocked the whole 109.237.96.0/21 at the IP level and even as a "Received:" header matching rule, 
nothing good ever came from there.


Cheers,
Hans-Martin
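
The signals mentioned in the replies above (the "ylmf-pc" HELO name, the random names matching [[:alnum:]]{6,10}, traffic before the greeting banner, and the 109.237.96.0/21 block), applied to a few log lines as an added example that is not code from anyone in this thread. The log format, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Signals named in the thread.
LEGACY_HELO = "ylmf-pc"
RANDOM_HELO = re.compile(r"[A-Za-z0-9]{6,10}")   # [[:alnum:]]{6,10}
BLOCKED_NET = ipaddress.ip_network("109.237.96.0/21")

# Constructed log format (an assumption, not any MTA's native format).
LINE = re.compile(r"client=(?P<ip>\S+) pregreet=(?P<pre>[01]) helo=(?P<helo>\S+)")

# Constructed sample lines; only 109.237.103.42 comes from the thread.
SAMPLE_LOG = """\
2022-03-20T00:01:02Z client=109.237.103.42 pregreet=1 helo=ylmf-pc
2022-03-20T00:01:05Z client=109.237.103.42 pregreet=0 helo=k3Jx9QpLm
2022-03-20T00:01:09Z client=109.237.103.77 pregreet=0 helo=Zq81mTra
2022-03-20T00:02:11Z client=192.0.2.25 pregreet=0 helo=mail.example.org
2022-03-20T00:02:40Z client=198.51.100.7 pregreet=0 helo=localhost
"""

def classify(ip, pregreet, helo):
    """Return the list of signals one connection matches (empty if none)."""
    reasons = []
    if ipaddress.ip_address(ip) in BLOCKED_NET:
        reasons.append("blocked-net")
    if pregreet:                      # client spoke before the banner
        reasons.append("pregreet")
    if helo.lower() == LEGACY_HELO:
        reasons.append("legacy-helo")
    elif RANDOM_HELO.fullmatch(helo): # dotless 6-10 char name
        reasons.append("random-helo")
    return reasons

def summarize(log_text):
    """Return (flagged connections, flagged-connection count per /24)."""
    flagged, per_net = [], Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                  # skip lines in another format
        reasons = classify(m["ip"], m["pre"] == "1", m["helo"])
        if reasons:
            flagged.append((m["ip"], m["helo"], reasons))
            net = ipaddress.ip_network(m["ip"] + "/24", strict=False)
            per_net[str(net)] += 1
    return flagged, per_net
```

The name pattern on its own also matches ordinary dotless names such as "localhost" (the last sample line), so it works as one signal among several rather than a verdict.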



[mailop] large number of mail connections

2022-03-20 Thread Geoff Mulligan via mailop
I have 3 different mail servers that are currently being inundated with 
mail connections from:


109.237.103.42

This appears to be from Russia - go figure.

Geoff