Hello,
the "mout-xforward" servers of GMX + web.de are specifically used for
"low reputation traffic", see:
https://postmaster.web.de/en/email-server
https://postmaster.gmx.net/en/email-server
As far as I know they are used for forwarding mails which are
likely/definitely spam (which were put

Allowed to relay? Otherwise of course, my comment stands.. the ones that
go MX-Direct are usually blocked, but if they relay through the web.de,
per-user rate limiters should kick in before it gets to this notable volume.
Everyone IS using per-user AUTH rate limiters, correct?
No one is still a

Someone inside web.de land got infected with a variant of Gamut spewing
bitcoin extortion scams, and for one reason or other, they routed thru
web.de's mail servers INSTEAD of going MX-direct (perhaps a port 25
redirector).
The raw emails have all the fingerprints of Gamut, except that it went

I've been seeing a trend from there the last few days as well. More were
filtered successfully than not, but the ones that slipped through all
looked similar:
https://paste.mxrouteapps.com/?0b5071a4b2cb089d#HYSAYYMSheQbYiXCZHMfjaVoqRM7naZiXKPkAK2UHju6

On 2021-08-26 14:36, Michael Peddemors via
82.165.159.12 x5 mout-xforward.gmx.net
82.165.159.13 x7 mout-xforward.gmx.net
82.165.159.14 x5 mout-xforward.gmx.net
82.165.159.2 x66 mout-xforward.web.de
82.165.159.3 x62 mout-xforward.web.de
82.165.159.34 x68 mout-xforward.web.de
82.165.159.35 x56