On 2023-05-13 at 15:09:50 UTC-0400 (Sat, 13 May 2023 14:09:50 -0500)
Jarland Donnell via mailop <[email protected]>
is rumored to have said:
Curious if anyone else is seeing an event similar to this.
Inbound SMTP traffic is the median of the past 5 Saturdays through 20:00
UTC on the largest system I wrangle. So: nope.
Here's the logs of 1 hour on one of our servers, for what I propose to
be a botnet: https://clbin.com/4khRA
I'm leaving the recipient domains in it because they're not actually
customer domains. Either they used to be, or they've had their MX
pointed to us maliciously. I can't accurately say at the moment.
Whatever is happening in these logs, it looks fairly consistent, and
quite distributed. What I can't figure out yet, and I'm hoping
responses or lack thereof from others will shed light on, is whether
or not this is a targeted attack against our infrastructure or simply
a large scale event that we're all seeing.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
