Hello,
the "mout-xforward" servers of GMX + web.de are specifically used for
"low reputation traffic", see:
https://postmaster.web.de/en/email-server
https://postmaster.gmx.net/en/email-server
As far as I know they are used for forwarding mails which are
likely/definitely spam (which were put into the "Spam" folder, but got
forwarded by a rule). So you can or should expect that the percentage of
spam coming from there is high/higher...
I'm sure someone from GMX/web.de will respond here shortly and give some
more details. (I'm not working for GMX/web.de/United Internet)
Michael
On 27.08.2021 at 00:01, Michael Peddemors via mailop wrote:
Allowed to relay? Otherwise of course, my comment stands.. the ones
that go MX-Direct are usually blocked, but if they relay through the
web.de, per user rate limiters should kick in before it gets to this
notable volume.
Everyone IS using per user AUTH rate limiters correct? <wink>
No one is still allowing relay without authentication correct? <wink>
On 2021-08-26 2:37 p.m., Chris via mailop wrote:
Someone inside web.de land got infected with a variant of Gamut
spewing bitcoin extortion scams, and for one reason or other, they
routed thru web.de's mail servers INSTEAD of going MX-direct (perhaps
a port 25 redirector).
The raw emails have all the fingerprints of gamut, except that it
went through a "real" (FSVO real) mail server before hitting your MX.
The volumes of gamut generally doing this shit are way up in the past
day or three, but most of that is getting nuked by the XBL or
something similar.
On 2021-08-26 4:46 p.m., Jarland Donnell via mailop wrote:
I've been seeing a trend from there the last few days as well. More
were filtered successfully than not, but the ones that slipped
through all looked similar:
https://paste.mxrouteapps.com/?0b5071a4b2cb089d#HYSAYYMSheQbYiXCZHMfjaVoqRM7naZiXKPkAK2UHju6
On 2021-08-26 14:36, Michael Peddemors via mailop wrote:
82.165.159.12 x5 mout-xforward.gmx.net
82.165.159.13 x7 mout-xforward.gmx.net
82.165.159.14 x5 mout-xforward..gmx.net
82.165.159.2 x66 mout-xforward.web.de
82.165.159.3 x62 mout-xforward.web.de
82.165.159.34 x68 mout-xforward.web.de
82.165.159.35 x56 mout-xforward.web.de
82.165.159.4 x71 mout-xforward.web.de
82.165.159.40 x36 mout-xforward.gmx.net
82.165.159.41 x28 mout-xforward.gmx.net
82.165.159.42 x42 mout-xforward.gmx.net
82.165.159.45 x68 mout-xforward.web.de
Aug 26 12:00:16 be msd[12550]: EHLO command received after STARTTLS, args: mout-xforward.gmx.net
Aug 26 12:00:16 be msd[12550]: MAIL command received, args: FROM:<hamwillig4...@gmx.at> SIZE=3714
Aug 26 11:28:59 be msd[29389]: EHLO command received after STARTTLS, args: mout-xforward.gmx.net
Aug 26 11:29:00 be msd[29389]: MAIL command received, args: FROM:<paramitaindr...@gmx.ch> SIZE=3719
Did someone's rate limiters fail?
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"MagicSpam" is a Registered TradeMark of Wizard Tower
TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop