t; ?
-Original Message-
From: mailop On Behalf Of Carl Byington
Sent: Tuesday, February 13, 2018 9:14 AM
To: mailop@mailop.org
Subject: Re: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-02-09 at 22:22 +0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-02-09 at 22:22 +, Michael Wise via mailop wrote:
> It's being ... investigated.
4 days later - still probing an account here every 3 seconds.
40.97.0.0/16 is currently firewalled. In the last month I have not seen
any actual mail de
In article you
write:
>To me that this smells of mis-using SMTP as an authentication backend. Badly.
No, it's probably some bug that makes it think that it has a message
to send but it fails and keeps retrying.
Once upon a time, I though it would be fun to have a content farm, so I set one
up w
On 9 Feb 2018, at 18:49 (-0500), Carl Byington wrote:
> On Fri, 2018-02-09 at 14:56 -0700, Dave Warren via mailop wrote:
>> For those seeing this, is it hitting the same account more than once,
>> or just once per account?
>
> 3 or 4 AUTH attempts per second over port 25 for the same account. 50K+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-02-09 at 14:56 -0700, Dave Warren via mailop wrote:
> For those seeing this, is it hitting the same account more than once,
> or just once per account?
3 or 4 AUTH attempts per second over port 25 for the same account. 50K+
attempts ove
ails.aspx?id=18275> ?
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Scott Undercofler
Sent: Friday, February 9, 2018 2:15 PM
To: mailop
Subject: Re: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
Its hitting a set of accounts over and over
Its hitting a set of accounts over and over and over at least on my “older”
system. On the newer system, Im blocking them for too many connections today so
its hard to tell.
Strangely enough the MS contacts on this list haven’t chimed in….
> On Feb 9, 2018, at 2:56 PM, Dave Warren via mailop
On 2018-02-09 14:20, John Levine wrote:
In article
you write:
I'm confused, the first post said valid credentials, is that what everyone
else is seeing?
Nearly all valid creds seems weirder than mostly invalid... modulo whatever
amount of hijacked or reused creds there are.
Remember that Ou
In article
you write:
>I'm confused, the first post said valid credentials, is that what everyone
>else is seeing?
>
>Nearly all valid creds seems weirder than mostly invalid... modulo whatever
>amount of hijacked or reused creds there are.
Remember that Outlook does account consolidation like G
Sorry for the noise...
Also from EHLO's of
Feb 9 09:29:13 fe1 msd[20338]: EHLO command received, args:
MWHPR22MB0798.namprd22.prod.outlook.com
On 18-02-09 11:23 AM, Michael Peddemors wrote:
Two separate issues I believe...
Aggressive Valid AUTH attempts... EHLO/STARTTLS/AUTH LOGIN/QUIT
A
Two separate issues I believe...
Aggressive Valid AUTH attempts... EHLO/STARTTLS/AUTH LOGIN/QUIT
All from MWHPR01MB2336.prod.exchangelabs.com
Feb 9 10:06:09 fe1 msd[4699]: AUTH success: []
(40.97.117.181)
Feb 9 10:06:10 fe1 msd[4709]: AUTH success: []
(40.97.117.181)
Feb 9 10:06:11 fe1 ms
I'm confused, the first post said valid credentials, is that what everyone
else is seeing?
Nearly all valid creds seems weirder than mostly invalid... modulo whatever
amount of hijacked or reused creds there are.
Brandon
On Fri, Feb 9, 2018, 10:59 AM Rich Kulawiec wrote:
> On Fri, Feb 09, 2018
On Fri, Feb 09, 2018 at 09:56:43AM +0100, Dan Malm wrote:
> I'm seeing an extreme amount of SMTP authentications (over 600/s) [snip]
I wouldn't characterize what I've seen as "extreme" at any of the
observation points I'm monitoring, but I have seen a moderate number of
repeated attempts to authen
, at 8:59 AM, Brotman, Alexander <
>>>> alexander_brot...@comcast.com> wrote:
>>>>
>>>> Not sure if I'd call it extreme, but a marked increase beginning Feb
>>>> 6th.
>>>>
>>>> --
>>>> Alex Brotman
>
crease beginning Feb
6th.
--
Alex Brotman
Sr. Engineer, Anti-Abuse
Comcast
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dan Malm
Sent: Friday, February 09, 2018 3:57 AM
To: mailop@mailop.org
Subject: [mailop] Extreme amounts of SMTP auth from microso
if I'd call it extreme, but a marked increase beginning Feb 6th.
--
Alex Brotman
Sr. Engineer, Anti-Abuse
Comcast
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dan Malm
Sent: Friday, February 09, 2018 3:57 AM
To: mailop@mailop.org
Subject: [mailop] Ext
February 9, 2018 8:00 AM
> To: Dan Malm ; mailop@mailop.org
> Subject: Re: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
>
> Not sure if I'd call it extreme, but a marked increase beginning Feb 6th.
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse
riday, February 09, 2018 3:57 AM
To: mailop@mailop.org
Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
Hi
I'm seeing an extreme amount of SMTP authentications (over 600/s) from the
microsoft owned 40.101.0.0/16 range on my customer SMTP servers.
It's just a
...@mailop.org] On Behalf Of Dan Malm
> Sent: Friday, February 09, 2018 3:57 AM
> To: mailop@mailop.org
> Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
>
> Hi
>
> I'm seeing an extreme amount of SMTP authentications (over 600/s) from the
>
bject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
Hi
I'm seeing an extreme amount of SMTP authentications (over 600/s) from the
microsoft owned 40.101.0.0/16 range on my customer SMTP servers.
It's just auth, with valid credentials, and then it disconnects right after
Hi
I'm seeing an extreme amount of SMTP authentications (over 600/s) from
the microsoft owned 40.101.0.0/16 range on my customer SMTP servers.
It's just auth, with valid credentials, and then it disconnects right
after so no attempts to send any mails have been done for the vast
majority of these
21 matches
Mail list logo