Re: SRX1403554742ID - FW: Mailserver at 52.169.9.191

Tue, 07 Nov 2017 05:16:57 -0800 

+Apache SpamAssassin SysAdmins & bcc'ing Ross Gardler
Thank you, Ralph.  Can you ask the CERT team to respond with the resolution/response please so we know if it's an error by a researcher, an active attack, etc. so we can respond appropriately?  It appears the box is offlined which is good too!   Appreciate the fast response. 

Regards,
KAM

On 11/7/2017 5:38 AM, Microsoft Online Safety wrote:


Hi ,
Based on the information you have provided, this may have originated from an account hosted on Microsoft Azure. 

We forwarded your complaint to the CERT team for review and action.
Should you encounter additional reports from the same IP, send them directly to c...@microsoft.com.
Additional information about Azure related issues can be found at this link https://portal.msrc.microsoft.com/en-us/engage/cars 

Kindly,

Ralph

Microsoft Online Safety


------------------------------------------------------------------------


--- Original Message ---
*From* : "MS Online Customer Service (abuse)"
*Sent* : Tuesday, November 7, 2017 3:43:28 AM UTC
*To* : "mosaf.mrea.ww.00.en.cvg.mnl.au.t01.spt.sg...@css.one.microsoft.com" 
*Subject* : FW: Mailserver at 52.169.9.191

*From:*Kevin A. McGrail [mailto:kevin.mcgr...@mcgrail.com]
*Sent:* Monday, November 6, 2017 7:35 PM
*To:* Matthias Leisi <matth...@dnswl.org>; andrewvweb...@googlemail.com; MS Online Customer Service (abuse) <ab...@microsoft.com> 
*Subject:* Re: Mailserver at 52.169.9.191

+Microsoft Abuse:
After further research the machine at 52.169.9.191 is causing 2/3's of our SpamAssassin Update server traffic for the last month.  Please rectify this immediately. 

Regards
KAM

On 11/5/2017 3:30 PM, Matthias Leisi wrote:

    Hello,

    We run one of the mirrors used by sa-update. From our logs, we see
    that the IP address 52.169.9.191 (which seems to be
    mail.brainloopdevops.com<http://mail.brainloopdevops.com/>, and
    for which whois shows your email address) runs sa-update about
    once every three seconds. Generally, once a day is the suggested
    update frequency (https://wiki.apache.org/spamassassin/RuleUpdates).

    Please change the update frequency to an acceptable level.

    Regards,

    — Matthias, for the dnswl.org<http://dnswl.org/> project

    <https://www.dnswl.org/>

    Matthias Leisi, Project Leader dnswl.org<https://www.dnswl.org/>
    Mail reputation – Protect against false positives

    matth...@dnswl.org<mailto:matth...@dnswl.org>| Twitter:
    @dnswlorg<https://twitter.com/dnswlorg>

Reply via email to