On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:
Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks.
I'd be curious what VPN providers they are using so that I could start blocking them. That seems like another player in the criminal support ecosystem.
We've had to start blocking source port 25 to catch the replies from the recipient mail servers in order to prevent this kind of abuse.
Interesting. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
