> On 02.06.26 at 12:07, Alessandro Vesely via mailop wrote:
> > On 02/06/2026 08:56, Benoit Panizzon via mailop wrote:
> >> From: DH Lieferung Kundenbetreuung<[email protected]>
> >> To: panizzon@*
> >> Message-ID:<[email protected]>
> >> X-Mailer: Python SMTP Client
> >>
> >> inetnum: 158.94.210.0 - 158.94.210.255
> >> netname: OMEGATECH
> >> country: NL
> >
> > You don't seem to be the only victim: AbuseIPDB says:
> >
> > *158.94.210.98* <https://www.abuseipdb.com/check/158.94.210.98> was
> > found in our database!
> >
> > This IP was reported *130* times. Confidence of Abuse is *100%*:
> >
> That /24 range seems to be rented out to a spamming/scamming operation using
> victim addresses for both sender and recipient:
>
> Jun 1 14:02:53 localhost postfix/smtpd[3568196]: NOQUEUE: reject: RCPT from
> unknown[158.94.210.212]: 450 4.7.25 Client
> host rejected: cannot find your hostname, [158.94.210.212];
> from=<info@*domain*.de> to=<info@*domain*.de> proto=ESMTP
> helo=<[158.94.210.212]>
>
> I've seen this pattern (sender address = recipient) mostly with sextortion or
> fake security breach attempts, so it may
> be possible that those hosts are compromised and the actual miscreant is
> sitting elsewhere.
>
> From my spam blocking database, I see that I labeled 158.94.208.0/22 as
> spamming, as well as AS214943 which it was
> apparently part of at some time. No reported false positives yet.

I just grepped the logs from a few of our busier mail servers, and various IP addresses from that /24 have been trying to hack into various user accounts since as far back as 2026-May-24 (possibly earlier too, but I didn't bother to check). Mostly they're trying to figure out SMTP passwords, and a few attempts at IMAP4 are also showing up.

158.94.210/24 is bad news. I recommend blocking the whole /24 without counter-measures in place.

-- 
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/
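
Added example (not part of the thread and not written by any of its participants): a small Python scan of Postfix smtpd reject lines for the two signals discussed above, namely clients inside 158.94.210.0/24 and envelope sender equal to recipient. The sample log lines, the example.* addresses, the 158.94.210.7 and 192.0.2.10 clients and the function names are constructed for illustration; it does not cover the SMTP AUTH or IMAP attempts, whose log format is not shown in the thread.

```python
import ipaddress
import re
from collections import Counter

SUSPECT_NET = ipaddress.ip_network("158.94.210.0/24")  # the /24 named in the thread

# Matches Postfix smtpd reject lines shaped like the one quoted in the thread.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"\S*\[(?P<ip>[0-9a-fA-F.:]+)\]: .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def scan(lines, net=SUSPECT_NET):
    """Return (rejects per client IP inside net, [(ip, rcpt)] where sender == rcpt)."""
    per_ip = Counter()
    self_addressed = []
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a RCPT reject line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log line
        # Compared case-insensitively (assumption: local parts are not case-sensitive here).
        sender, rcpt = m["sender"].lower(), m["rcpt"].lower()
        if ip in net:
            per_ip[str(ip)] += 1
        # An empty sender is the null bounce address, so it never counts as a match.
        if sender and sender == rcpt:
            self_addressed.append((str(ip), rcpt))
    return per_ip, self_addressed

def _line(ip, sender, rcpt):  # builds one constructed sample reject line
    return (f"Jun  1 14:02:53 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 450 4.7.25 Client host rejected: cannot find your "
            f"hostname, [{ip}]; from=<{sender}> to=<{rcpt}> proto=ESMTP helo=<[{ip}]>")

SAMPLE = [  # constructed input, not real log data
    _line("158.94.210.212", "info@example.de", "info@example.de"),
    _line("158.94.210.7", "a@example.net", "info@example.de"),
    _line("192.0.2.10", "Sales@example.org", "sales@example.org"),
    "Jun  1 14:03:00 mx postfix/smtpd[101]: connect from unknown[158.94.210.212]",
]

if __name__ == "__main__":
    counts, same = scan(SAMPLE)
    print("rejects per IP in", SUSPECT_NET, dict(counts))
    print("sender == recipient:", same)
```

The sender-equals-recipient check is reported regardless of source network, so the same scan also surfaces that pattern from hosts outside the /24.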
