Curious if anyone else is seeing an event similar to this. Here's the
logs of 1 hour on one of our servers, for what I propose to be a botnet:
https://clbin.com/4khRA
I'm leaving the recipient domains in it because they're not actually
customer domains. Either they used to be, or they've had their MX
pointed to us maliciously. I can't accurately say at the moment.
Whatever is happening in these logs, it looks fairly consistent, and
quite distributed. What I can't figure out yet, and I'm hoping responses
or lack thereof from others will shed light on, is whether or not this
is a targeted attack against our infrastructure or simply a large scale
event that we're all seeing._______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
