Re: [mailop] Another very strange microsoft originated email??
On Thursday 07/12/2023 at 3:21 pm, Michael Peddemors via mailop wrote:

> For the record, the command line 'whois' tool is getting long in the
> tooth, and the maintainer isn't really interested in updating the
> tools, database.. (We offered to help)
>
> But, because I end up showing this to our own staff, a little trick..
>
> whois 49.13.172.216 -h whois.ripe.net

RIPE can be a one-stop whois -- it's pretty complete.

ARIN's whois has a slightly different input format (other RIRs use RPSL
format), but it generally picks the correct parameter type for a given
input (if not provided). I often use "-n" (no redirect) to limit the
output, depending on what I'm looking for.

[...]

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Another very strange microsoft originated email??
On 2023-12-07 at 16:20:23 UTC-0500 (Thu, 7 Dec 2023 13:20:23 -0800)
Michael Peddemors via mailop is rumored to have said:

> For the record, the command line 'whois' tool is getting long in the
> tooth, and the maintainer isn't really interested in updating the
> tools, database.. (We offered to help)

Which whois?

The one at https://github.com/rfc1036/whois maintained by Marco D'Itri had
a release last month, as can be seen at
http://ftp.debian.org/debian/pool/main/w/whois/

> But, because I end up showing this to our own staff, a little trick..
>
> whois 49.13.172.216 -h whois.ripe.net
>
> You CAN query the individual RIR's directly.. There are also other query
> methods directly available from RIR's, and 3rd parties like 'ipinfo' you
> can also check..
>
> Still have it on the project list for a new unified 'rwhois' standalone
> tool, and SaaS.. for the community..
>
> .. but never enough hours in the day, or budgets for opensource projects ;0

Make sure you integrate RDAP.

ALSO: It should include a pony for every user.

> On 2023-12-07 12:44, Randolf Richardson, Postmaster via mailop wrote:
>> I'm not familiar with Hetzner, but APNIC's WHOIS indicates a
>> country code of ZZ for the sending IP address's netblock, which the
>> ISO lists as "Unknown or unspecified country."
>>
>> I guess the whole /23 is in the process of being moved? The most
>> recent modification seems to be ~7 months ago (2023-May-17).
>>
>> debian# whois 49.13.172.216
>> % [whois.apnic.net]
>> % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
>>
>> % Information related to '49.12.0.0 - 49.13.255.255'
>>
>> % Abuse contact for '49.12.0.0 - 49.13.255.255' is 'no-em...@apnic.net'
>>
>> inetnum:        49.12.0.0 - 49.13.255.255
>> netname:        STUB-49-12SLASH15
>> descr:          Transferred to the RIPE region on 2018-06-27T02:24:02Z.
Re: [mailop] Another very strange microsoft originated email??
For the record, the command line 'whois' tool is getting long in the tooth,
and the maintainer isn't really interested in updating the tools,
database.. (We offered to help)

But, because I end up showing this to our own staff, a little trick..

whois 49.13.172.216 -h whois.ripe.net

You CAN query the individual RIR's directly.. There are also other query
methods directly available from RIR's, and 3rd parties like 'ipinfo' you
can also check..

Still have it on the project list for a new unified 'rwhois' standalone
tool, and SaaS.. for the community..

.. but never enough hours in the day, or budgets for opensource projects ;0

On 2023-12-07 12:44, Randolf Richardson, Postmaster via mailop wrote:
> I'm not familiar with Hetzner, but APNIC's WHOIS indicates a
> country code of ZZ for the sending IP address's netblock, which the
> ISO lists as "Unknown or unspecified country."
>
> I guess the whole /23 is in the process of being moved? The most
> recent modification seems to be ~7 months ago (2023-May-17).
>
> debian# whois 49.13.172.216
> % [whois.apnic.net]
> % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
>
> % Information related to '49.12.0.0 - 49.13.255.255'
>
> % Abuse contact for '49.12.0.0 - 49.13.255.255' is 'no-em...@apnic.net'
>
> inetnum:        49.12.0.0 - 49.13.255.255
> netname:        STUB-49-12SLASH15
> descr:          Transferred to the RIPE region on 2018-06-27T02:24:02Z.
> country:        ZZ
> admin-c:        STUB-AP
> tech-c:         STUB-AP
> abuse-c:        AS2444-AP
> status:         ALLOCATED PORTABLE
> mnt-by:         APNIC-STUB
> mnt-irt:        IRT-STUB-AP
> last-modified:  2023-05-17T13:13:11Z
> source:         APNIC
>
> irt:            IRT-STUB-AP
> address:        N/A
> e-mail:         no-em...@apnic.net
> abuse-mailbox:  no-em...@apnic.net
> admin-c:        STUB-AP
> tech-c:         STUB-AP
> auth:           # Filtered
> remarks:        IRT for stub records.
> remarks:        We do not operate the referring network and
> remarks:        are unable to investigate complaints of network abuse.
Re: [mailop] Another very strange microsoft originated email??
On Thu, Dec 07, 2023 at 12:44:58PM -0800, Randolf Richardson, Postmaster via mailop wrote:
> I'm not familiar with Hetzner, but APNIC's WHOIS indicates a
> country code of ZZ for the sending IP address's netblock, which the
> ISO lists as "Unknown or unspecified country."

The descr: reveals what you need to do.

> descr: Transferred to the RIPE region on 2018-06-27T02:24:02Z.

$ whois -h whois.ripe.net that.ip.add.ress

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
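The referral described in the message above, as an added example that is not part of the original posts: it reads an RPSL-style whois reply, recognises a stub inetnum whose descr: says the block was transferred, and builds the follow-up query against the receiving RIR. The function names and the trimmed sample are constructed for illustration; the whois hosts are the RIRs' public servers.

```python
import re

# Public whois hosts of the five RIRs.
RIR_WHOIS = {"RIPE": "whois.ripe.net", "ARIN": "whois.arin.net",
             "APNIC": "whois.apnic.net", "LACNIC": "whois.lacnic.net",
             "AFRINIC": "whois.afrinic.net"}

# Constructed sample: first object of the APNIC reply quoted in the thread.
STUB_REPLY = """\
% [whois.apnic.net]
inetnum:        49.12.0.0 - 49.13.255.255
netname:        STUB-49-12SLASH15
descr:          Transferred to the RIPE region on 2018-06-27T02:24:02Z.
country:        ZZ
"""

TRANSFER = re.compile(r"Transferred to the (\w+) region on (\S+?)\.?$")

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            # Blank lines and % comments separate objects.
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+" and current:
            # RPSL continuation line: append to the previous attribute.
            current[-1] = (current[-1][0], current[-1][1] + " " + line[1:].strip())
        else:
            key, sep, value = line.partition(":")
            if sep:
                current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects

def referral(text):
    """Return where a transferred-block stub points, or None if there is none."""
    for obj in parse_objects(text):
        if obj[0][0] not in ("inetnum", "inet6num"):
            continue
        for key, value in obj:
            m = TRANSFER.search(value) if key == "descr" else None
            if m and m.group(1).upper() in RIR_WHOIS:
                rir = m.group(1).upper()
                return {"range": obj[0][1], "rir": rir, "server": RIR_WHOIS[rir],
                        "transferred": m.group(2),
                        "country": dict(obj).get("country")}
    return None

# Build (but do not run) the follow-up query in the form used in the thread.
def whois_argv(ip, text):
    ref = referral(text)
    return ["whois", "-h", ref["server"], ip] if ref else ["whois", ip]
```

A reply with no transfer note returns None from `referral`, so the country ZZ and the invalid abuse address in a stub are never mistaken for the operator's real data.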
Re: [mailop] Another very strange microsoft originated email??
I'm not familiar with Hetzner, but APNIC's WHOIS indicates a
country code of ZZ for the sending IP address's netblock, which the
ISO lists as "Unknown or unspecified country."

I guess the whole /23 is in the process of being moved? The most
recent modification seems to be ~7 months ago (2023-May-17).

debian# whois 49.13.172.216
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '49.12.0.0 - 49.13.255.255'

% Abuse contact for '49.12.0.0 - 49.13.255.255' is 'no-em...@apnic.net'

inetnum:        49.12.0.0 - 49.13.255.255
netname:        STUB-49-12SLASH15
descr:          Transferred to the RIPE region on 2018-06-27T02:24:02Z.
country:        ZZ
admin-c:        STUB-AP
tech-c:         STUB-AP
abuse-c:        AS2444-AP
status:         ALLOCATED PORTABLE
mnt-by:         APNIC-STUB
mnt-irt:        IRT-STUB-AP
last-modified:  2023-05-17T13:13:11Z
source:         APNIC

irt:            IRT-STUB-AP
address:        N/A
e-mail:         no-em...@apnic.net
abuse-mailbox:  no-em...@apnic.net
admin-c:        STUB-AP
tech-c:         STUB-AP
auth:           # Filtered
remarks:        IRT for stub records.
remarks:        We do not operate the referring network and
remarks:        are unable to investigate complaints of network abuse.
remarks:        For information about IRT, see www.apnic.net/irt
remarks:        no-em...@apnic.net is invalid
mnt-by:         APNIC-HM
last-modified:  2023-05-17T13:09:19Z
source:         APNIC

role:           ABUSE STUBAP
address:        N/A
country:        ZZ
phone:          +0
e-mail:         no-em...@apnic.net
admin-c:        STUB-AP
tech-c:         STUB-AP
nic-hdl:        AS2444-AP
remarks:        Generated from irt object IRT-STUB-AP
remarks:        no-em...@apnic.net is invalid
abuse-mailbox:  no-em...@apnic.net
mnt-by:         APNIC-ABUSE
last-modified:  2023-05-17T13:13:08Z
source:         APNIC

person:         STUB PERSON
address:        N/A
country:        ZZ
phone:          +00
e-mail:         no-em...@apnic.net
nic-hdl:        STUB-AP
remarks:        No contact information for stub records.
mnt-by:         APNIC-HM
last-modified:  2019-09-23T04:53:33Z
source:         APNIC

% This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4)

> Free trial account on Microsoft 365 being relayed through Microsoft 365
> outbounds by a Hetzner IP
>
> --srs
>
> From: mailop on behalf of Michael Peddemors via mailop
> Sent: Thursday, December 7, 2023 5:38:33 AM
> To: mailop@mailop.org
> Subject: [mailop] Another very strange microsoft originated email??
>
> Take a look at the headers for this one..
> Appears to come from a sender IP on Hetzner, but related to Microsoft??
>
> Some headers snipped for brevity, but something sure appears rotten in
> Denmark.. love the boundary.. Any takers on explaining how this is being
> allowed or performed?
>
> Return-Path:
> Received: from mail-psaapc01on2064.outbound.protection.outlook.com (HELO
> APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)
>
> ...
>
> X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 49.13.172.216)
> smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed)
> header.d=none;dmarc=none action=none header.from=cdklu.onmicrosoft.com;
> From: Autozone Department
> Subject: Celebrating Autozone anniversary with an DEWALT 200 Piece
> Mechanics Tool Set
> In-Reply:
> Content-Type: multipart/alternative; charset="UTF-8";boundary="FakOj.oyfbwp"
>
> --
> "Catch the Magic of Linux..."
>
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
>
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
Re: [mailop] Another very strange microsoft originated email??
On Thu, Dec 07, 2023 at 12:29:37AM +, Suresh Ramasubramanian via mailop wrote:
> Free trial account on Microsoft 365 being relayed through Microsoft 365
> outbounds by a Hetzner IP

As Suresh says. I've got a copy too. Nothing unusual in it, it definitely
came through M365 infrastructure. From where it was injected to M365 is
not that important - it could have been anything as long as they were
capable of authenticating using the user accounts in that domain.

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
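The reading given in the message above, as an added example that is not part of the original posts: it parses the two headers quoted in the thread and keeps the hop that delivered the message apart from the IP that X-MS-Exchange-Authentication-Results names as the sender. The function names are constructed for illustration, and the header values are copied from the thread with line folding removed.

```python
import ipaddress
import re

# Constructed from the snipped headers quoted in the thread, unfolded.
RECEIVED = ("from mail-psaapc01on2064.outbound.protection.outlook.com "
            "(HELO APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)")
XMS_AUTH = ("spf=fail (sender IP is 49.13.172.216) "
            "smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed) "
            "header.d=none;dmarc=none action=none "
            "header.from=cdklu.onmicrosoft.com;")

def parse_authres(value):
    """Parse 'method=result (comment) prop=val; ...' into {method: {...}}."""
    out = {}
    for clause in value.split(";"):  # assumes no ';' inside a (comment)
        m = re.match(r"\s*([\w-]+)=([\w-]+)", clause)
        if not m:
            continue
        comment = re.search(r"\(([^)]*)\)", clause)
        rest = re.sub(r"\([^)]*\)", " ", clause[m.end():])
        out[m.group(1).lower()] = {
            "result": m.group(2).lower(),
            "comment": comment.group(1) if comment else "",
            "props": dict(re.findall(r"([\w.-]+)=(\S+)", rest)),
        }
    return out

def to_ip(text):
    """Return the normalised IP literal, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None

def triage(received, xms_auth):
    """Separate the hop that delivered the mail from the IP that injected it."""
    auth = parse_authres(xms_auth)
    spf = auth.get("spf", {})
    sender = re.search(r"sender IP is (\S+)", spf.get("comment", ""))
    hops = [to_ip(c) for c in re.findall(r"\(([0-9A-Fa-f:.]+)\)", received)]
    hops = [h for h in hops if h]
    words = received.split()
    host = words[1].lower() if len(words) > 1 and words[0] == "from" else ""
    return {
        "delivering_ip": hops[-1] if hops else None,
        "injecting_ip": to_ip(sender.group(1)) if sender else None,
        "via_m365": host.endswith(".outbound.protection.outlook.com"),
        "spf": spf.get("result"),
        "dkim": auth.get("dkim", {}).get("result"),
        "dmarc": auth.get("dmarc", {}).get("result"),
        "mailfrom": spf.get("props", {}).get("smtp.mailfrom"),
    }
```

For the thread's sample, the delivering hop is the outlook.com outbound host while the injecting IP is the Hetzner address, which is why a whois lookup on the connecting IP alone would not have surfaced it.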
Re: [mailop] Another very strange microsoft originated email??
Free trial account on Microsoft 365 being relayed through Microsoft 365
outbounds by a Hetzner IP

--srs

From: mailop on behalf of Michael Peddemors via mailop
Sent: Thursday, December 7, 2023 5:38:33 AM
To: mailop@mailop.org
Subject: [mailop] Another very strange microsoft originated email??

Take a look at the headers for this one..
Appears to come from a sender IP on Hetzner, but related to Microsoft??

Some headers snipped for brevity, but something sure appears rotten in
Denmark.. love the boundary.. Any takers on explaining how this is being
allowed or performed?

Return-Path:
Received: from mail-psaapc01on2064.outbound.protection.outlook.com (HELO
 APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)

...

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 49.13.172.216)
 smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=cdklu.onmicrosoft.com;
From: Autozone Department
Subject: Celebrating Autozone anniversary with an DEWALT 200 Piece
 Mechanics Tool Set
In-Reply:
Content-Type: multipart/alternative; charset="UTF-8";boundary="FakOj.oyfbwp"

-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
[mailop] Another very strange microsoft originated email??
Take a look at the headers for this one..
Appears to come from a sender IP on Hetzner, but related to Microsoft??

Some headers snipped for brevity, but something sure appears rotten in
Denmark.. love the boundary.. Any takers on explaining how this is being
allowed or performed?

Return-Path:
Received: from mail-psaapc01on2064.outbound.protection.outlook.com (HELO
 APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)

...

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 49.13.172.216)
 smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=cdklu.onmicrosoft.com;
From: Autozone Department
Subject: Celebrating Autozone anniversary with an DEWALT 200 Piece
 Mechanics Tool Set
In-Reply:
Content-Type: multipart/alternative; charset="UTF-8";boundary="FakOj.oyfbwp"

-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.