Re: [mailop] [INFORMATIONAL] Larger than normal spam outbreak from web.de

2021-08-26 Thread Michael Peddemors via mailop
Allowed to relay? Otherwise, of course, my comment stands.. the ones that go MX-Direct are usually blocked, but if they relay through the web.de, per-user rate limiters should kick in before it gets to this notable volume. Everyone IS using per-user AUTH rate limiters, correct? No one is still a

Re: [mailop] [INFORMATIONAL] Larger than normal spam outbreak from web.de

2021-08-26 Thread Chris via mailop
Someone inside web.de land got infected with a variant of Gamut spewing bitcoin extortion scams, and for one reason or other, they routed through web.de's mail servers INSTEAD of going MX-direct (perhaps a port 25 redirector). The raw emails have all the fingerprints of Gamut, except that it went

Re: [mailop] email scans from AWS

2021-08-26 Thread Al Iverson via mailop
In the 500+ recent hits in my traps from AWS, I don't actually have anything like this showing up. Perhaps because I'm only capturing full emails, not just noting SMTP activity. But if you google the domain and these IPs you can see it's not necessarily new traffic--there are examples of people ask

Re: [mailop] email scans from AWS

2021-08-26 Thread Jarland Donnell via mailop
I haven't seen that but I do have recent activity from that IP, examples: lucy.mxrouting.net: 2021-08-26 09:38:25 H=ec2-18-215-245-250.compute-1.amazonaws.com (cluster-3.mogonodo.com) [18.215.245.250] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F= rejected RCPT safari.mxrouting.net: 2021

Re: [mailop] [INFORMATIONAL] Larger than normal spam outbreak from web.de

2021-08-26 Thread Jarland Donnell via mailop
I've been seeing a trend from there the last few days as well. More were filtered successfully than not, but the ones that slipped through all looked similar: https://paste.mxrouteapps.com/?0b5071a4b2cb089d#HYSAYYMSheQbYiXCZHMfjaVoqRM7naZiXKPkAK2UHju6 On 2021-08-26 14:36, Michael Peddemors via

[mailop] [INFORMATIONAL] Larger than normal spam outbreak from web.de

2021-08-26 Thread Michael Peddemors via mailop
82.165.159.12 x5 mout-xforward.gmx.net 82.165.159.13 x7 mout-xforward.gmx.net 82.165.159.14 x5 mout-xforward..gmx.net 82.165.159.2x66 mout-xforward.web.de 82.165.159.3x62 mout-xforward.web.de 82.165.159.34 x68 mout-xforward.web.de 82.165.159.35 x56

Re: [mailop] email scans from AWS

2021-08-26 Thread Michael Peddemors via mailop
Not that specific pattern ;) But definitely, AWS waters getting dirtier and dirtier.. There are several email validator services, AUTH attackers, and dictionary attacks coming from the IP space, they quickly get added to RBLs since there isn't much use reporting them, if there is no motivati

[mailop] email scans from AWS

2021-08-26 Thread Mary via mailop
We've noticed an increase of email scans from AWS IP addresses, they seem to be testing for variations of the same email: ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 ec2-18-215-245-250.compute-1.amazonaws.com[18.215.245.250]: 550 5.1.1 ec2-18-215-245-250.compute-1.a