I didn't call Linode 'Bad'... please don't assume.. Actually I don't
consider them bad at all.. it was others on the list that were complaining..
Continuing on an earlier thread on this topic, where it was reported
that Linode blocks port 25 by default for all new accounts.
I am just seeing if we can get some technical information so we have a
few facts on this, before that topic/threat is going to be discussed
further..
This is NOT about a spam report/complaint..
(you did note that we don't worry about this to much in my previous
comments, or was this a chance to jump on me Al ;)
I don't post spam complaints on this list, but I do occasionally discuss
'trends' which people on this list appear to value..
On 2021-11-26 11:07 a.m., Al Iverson wrote:
Is "hey bad ISP please come here and defend yourself against my
accusation" really on topic for this mailing list?
Isn't there some other list like SPAM-L or something that might be more
suited to that type of conversation?
On Fri, Nov 26, 2021 at 1:05 PM Michael Peddemors via mailop
<mailop@mailop.org <mailto:mailop@mailop.org>> wrote:
Maybe someone from Linode can comment on this..
Here is a typical spam outbreak from Linode..
Usually these are trapped/tagged because the default PTR is still in
place, so doesn't cause enough problems to report, but they do happen
occasionally in spurts.
Since several times it has been mentioned on the list that Linode
blocks
port 25 by default (I have no evidence to support those claims though)
.. it does make one question how these cases appear.
(Some headers removed for clarity)
Return-Path: <root@fit.clinic>
Received: from li1548-40.members.linode.com
<http://li1548-40.members.linode.com> (HELO fit.clinic)
(139.162.68.40)
Received: (qmail 23890 invoked by uid 2); 26 Nov 2021 17:25:01 -0000
Message-ID: <20211126172501.23889.qmail@fit.clinic>
From: contact.yoyogi@fit.clinic
(this was an interesting catfish lure in Japanese, returning a 503 now)
Now, either this was a compromised server, or someone stood up a Linode
Instance for the sole purpose of phishing..
It would be interesting to hear how/why this was not blocked by default
(port 25), how long the instance was up and running before it started
its spam/phishing run, and was this a malicous customer, or a
compromise.
Inquiring minds would like to know..
-- Michael --
PS, this one..
Return-Path: <supp...@magento-693809-2292299.cloudwaysapps.com
<mailto:supp...@magento-693809-2292299.cloudwaysapps.com>>
Received: from 66-228-37-15.ip.linodeusercontent.com
<http://66-228-37-15.ip.linodeusercontent.com> (HELO
693809.cloudwaysapps.com <http://693809.cloudwaysapps.com>)
(66.228.37.15)
Received: by 693809.cloudwaysapps.com
<http://693809.cloudwaysapps.com> (Postfix, from userid 1004)
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
