On both systems I run, I would definitely call it extreme. To the point that I
am about to block the 12+ ranges the traffic is coming from. We had a 10-fold
increase in auths the past three days.

I am unsure what's exactly being done with the auth attempts but it's not normal.


> On Feb 9, 2018, at 8:59 AM, Brotman, Alexander 
> <alexander_brot...@comcast.com> wrote:
> 
> Not sure if I'd call it extreme, but a marked increase beginning Feb 6th.  
> 
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse
> Comcast
> 
> 
> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dan Malm
> Sent: Friday, February 09, 2018 3:57 AM
> To: mailop@mailop.org
> Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs
> 
> Hi
> 
> I'm seeing an extreme amount of SMTP authentications (over 600/s) from the 
> Microsoft-owned 40.101.0.0/16 range on my customer SMTP servers.
> It's just auth, with valid credentials, and then it disconnects right after 
> so no attempts to send any mails have been done for the vast majority of 
> these connections. A small amount of valid mails are being sent from this 
> range though. HELO indicates it's from outlook.com. So seems like their 
> system for sending with your own domain through external servers has gone a 
> bit haywire...
> 
> I've sent ab...@microsoft.com a mail about it, but I'm a bit curious if 
> anyone else is seeing the same?
> 
> --
> BR/Mvh. Dan Malm, Systems Engineer, One.com
> 
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
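
Added example, not part of the thread or any poster's tooling: a Python script that measures the pattern reported in the original message (successful AUTH, then disconnect with no mail sent) per source network. It assumes Postfix 3.x-style `disconnect from` session summaries, which the thread does not specify; the log lines, function names and thresholds are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of Postfix 3.x smtpd session summaries.
SAMPLE_LOG = """\
Feb  9 08:00:01 mx1 postfix/smtpd[2101]: disconnect from unknown[40.101.12.7] ehlo=1 auth=1 quit=1 commands=3
Feb  9 08:00:01 mx1 postfix/smtpd[2102]: disconnect from unknown[40.101.44.9] ehlo=1 auth=1 commands=2
Feb  9 08:00:02 mx1 postfix/smtpd[2103]: disconnect from unknown[40.101.80.3] ehlo=1 auth=1 quit=1 commands=3
Feb  9 08:00:02 mx1 postfix/smtpd[2104]: disconnect from unknown[40.101.9.21] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Feb  9 08:00:03 mx1 postfix/smtpd[2105]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/1 quit=1 commands=2
Feb  9 08:00:04 mx1 postfix/smtpd[2106]: disconnect from unknown[198.51.100.8] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
"""

DISCONNECT = re.compile(r"disconnect from \S*\[(?P<ip>[0-9.]+)\] (?P<stats>.+)$")


def parse_stats(stats):
    """Map 'ehlo=1 auth=0/1' to accepted counts: {'ehlo': 1, 'auth': 0}."""
    counts = {}
    for token in stats.split():
        name, _, value = token.partition("=")
        accepted = value.split("/")[0]  # "0/1" means 0 accepted out of 1 attempted
        if accepted.isdigit():
            counts[name] = int(accepted)
    return counts


def auth_only_by_network(lines, prefix=16):
    """Per IPv4 network: (sessions that authenticated but sent no MAIL, sessions that did)."""
    tally = defaultdict(lambda: [0, 0])
    for line in lines:
        match = DISCONNECT.search(line)
        if not match:
            continue
        counts = parse_stats(match["stats"])
        if counts.get("auth", 0) < 1:
            continue  # failed or absent AUTH is a different problem
        net = ipaddress.ip_network(f"{match['ip']}/{prefix}", strict=False)
        tally[str(net)][0 if counts.get("mail", 0) == 0 else 1] += 1
    return {net: tuple(pair) for net, pair in tally.items()}


def noisy_networks(lines, min_sessions=3, min_ratio=0.7):
    """Networks where auth-only sessions dominate; thresholds are illustrative."""
    result = auth_only_by_network(lines)
    return sorted(net for net, (auth_only, sent) in result.items()
                  if auth_only >= min_sessions and auth_only / (auth_only + sent) >= min_ratio)
```

Calling `noisy_networks(SAMPLE_LOG.splitlines())` on the constructed sample flags only `40.101.0.0/16`, where three of four authenticated sessions sent no mail.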

