Not just those ranges...


Strange that it is on Port 25, and not the submission port..

AUTH, then QUIT..

Rather than blocking the IP(s) you could block connections from that EHLO to port 25..

But of course, the question is 'why'..
I could see it if it was IMAP, but polling SMTP ports is very unusual..

grep | wc -l

That's a lot for two hours on a single server..

On 18-02-09 08:18 AM, Scott Undercofler wrote:
On both systems I run, I would definitely call it extreme. To the point that I 
am about to block the 12+ ranges the traffic is coming from. We had a 10 fold 
increase in auth’s the past three days.

I am unsure whats exactly being done with the auth attempts but its not normal.

On Feb 9, 2018, at 8:59 AM, Brotman, Alexander <> 

Not sure if I'd call it extreme, but a marked increase beginning Feb 6th.

Alex Brotman
Sr. Engineer, Anti-Abuse

-----Original Message-----
From: mailop [] On Behalf Of Dan Malm
Sent: Friday, February 09, 2018 3:57 AM
Subject: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs


I'm seeing an extreme amount of SMTP authentications (over 600/s) from the 
microsoft owned range on my customer SMTP servers.
It's just auth, with valid credentials, and then it disconnects right after so 
no attempts to send any mails have been done for the vast majority of these 
connections. A small amount of valid mails are being sent from this range 
though. HELO indicates it's from So seems like their system for 
sending with your own domain through external servers has gone a bit haywire...

I've sent a mail about it, but I'm a bit curious if anyone 
else is seeing the same?

BR/Mvh. Dan Malm, Systems Engineer,

mailop mailing list

mailop mailing list

"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at @linuxmagic
A Wizard IT Company - For More Info
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

mailop mailing list

Reply via email to