+Apache SpamAssassin SysAdmins & bcc'ing Ross Gardler
Thank you, Ralph. Can you ask the CERT team to respond with the
resolution/response please so we know if it's an error by a researcher,
an active attack, etc. so we can respond appropriately? It appears the
box is offlined which is good too! Appreciate the fast response.
Regards,
KAM
On 11/7/2017 5:38 AM, Microsoft Online Safety wrote:
Hi ,
Based on the information you have provided, this may have originated
from an account hosted on Microsoft Azure.
We forwarded your complaint to the CERT team for review and action.
Should you encounter additional reports from the same IP, send them
directly to c...@microsoft.com.
Additional information about Azure related issues can be found at this
link https://portal.msrc.microsoft.com/en-us/engage/cars
Kindly,
Ralph
Microsoft Online Safety
------------------------------------------------------------------------
--- Original Message ---
*From* : "MS Online Customer Service (abuse)"
*Sent* : Tuesday, November 7, 2017 3:43:28 AM UTC
*To* :
"mosaf.mrea.ww.00.en.cvg.mnl.au.t01.spt.sg...@css.one.microsoft.com"
*Subject* : FW: Mailserver at 52.169.9.191
*From:*Kevin A. McGrail [mailto:kevin.mcgr...@mcgrail.com]
*Sent:* Monday, November 6, 2017 7:35 PM
*To:* Matthias Leisi <matth...@dnswl.org>;
andrewvweb...@googlemail.com; MS Online Customer Service (abuse)
<ab...@microsoft.com>
*Subject:* Re: Mailserver at 52.169.9.191
+Microsoft Abuse:
After further research the machine at 52.169.9.191 is causing 2/3's of
our SpamAssassin Update server traffic for the last month. Please
rectify this immediately.
Regards
KAM
On 11/5/2017 3:30 PM, Matthias Leisi wrote:
Hello,
We run one of the mirrors used by sa-update. From our logs, we see
that the IP address 52.169.9.191 (which seems to be
mail.brainloopdevops.com<http://mail.brainloopdevops.com/>, and
for which whois shows your email address) runs sa-update about
once every three seconds. Generally, once a day is the suggested
update frequency (https://wiki.apache.org/spamassassin/RuleUpdates).
Please change the update frequency to an acceptable level.
Regards,
— Matthias, for the dnswl.org<http://dnswl.org/> project
<https://www.dnswl.org/>
Matthias Leisi, Project Leader dnswl.org<https://www.dnswl.org/>
Mail reputation – Protect against false positives
matth...@dnswl.org<mailto:matth...@dnswl.org>| Twitter:
@dnswlorg<https://twitter.com/dnswlorg>