You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sysadmins@spamassassin.apache.org by "Kevin A. McGrail" <ke...@mcgrail.com> on 2017/11/07 13:16:14 UTC

Re: SRX1403554742ID - FW: Mailserver at 52.169.9.191

+Apache SpamAssassin SysAdmins & bcc'ing Ross Gardler

Thank you, Ralph.  Can you ask the CERT team to respond with the 
resolution/response please so we know if it's an error by a researcher, 
an active attack, etc. so we can respond appropriately?  It appears the 
box is offlined which is good too!   Appreciate the fast response.

Regards,
KAM

On 11/7/2017 5:38 AM, Microsoft Online Safety wrote:
>
> Hi ,
>
> Based on the information you have provided, this may have originated 
> from an account hosted on Microsoft Azure.
>
> We forwarded your complaint to the CERT team for review and action.
>
> Should you encounter additional reports from the same IP, send them 
> directly to Cert@Microsoft.com.
>
> Additional information about Azure related issues can be found at this 
> link https://portal.msrc.microsoft.com/en-us/engage/cars
>
> Kindly,
>
> Ralph
>
> Microsoft Online Safety
>
>
> ------------------------------------------------------------------------
>
>
> --- Original Message ---
> *From* : "MS Online Customer Service (abuse)"
> *Sent* : Tuesday, November 7, 2017 3:43:28 AM UTC
> *To* : 
> "MOSAF.MREA.WW.00.EN.CVG.MNL.AU.T01.SPT.SG.EM@css.one.microsoft.com"
> *Subject* : FW: Mailserver at 52.169.9.191
>
> *From:*Kevin A. McGrail [mailto:kevin.mcgrail@mcgrail.com]
> *Sent:* Monday, November 6, 2017 7:35 PM
> *To:* Matthias Leisi <ma...@dnswl.org>; 
> andrewvwebber@googlemail.com; MS Online Customer Service (abuse) 
> <ab...@microsoft.com>
> *Subject:* Re: Mailserver at 52.169.9.191
>
> +Microsoft Abuse:
>
> After further research the machine at 52.169.9.191 is causing 2/3's of 
> our SpamAssassin Update server traffic for the last month.  Please 
> rectify this immediately.
>
> Regards
> KAM
>
> On 11/5/2017 3:30 PM, Matthias Leisi wrote:
>
>     Hello,
>
>     We run one of the mirrors used by sa-update. From our logs, we see
>     that the IP address 52.169.9.191 (which seems to be
>     mail.brainloopdevops.com<http://mail.brainloopdevops.com/>, and
>     for which whois shows your email address) runs sa-update about
>     once every three seconds. Generally, once a day is the suggested
>     update frequency (https://wiki.apache.org/spamassassin/RuleUpdates).
>
>     Please change the update frequency to an acceptable level.
>
>     Regards,
>
>     — Matthias, for the dnswl.org<http://dnswl.org/> project
>
>     <https://www.dnswl.org/>
>
>     Matthias Leisi, Project Leader dnswl.org<https://www.dnswl.org/>
>     Mail reputation – Protect against false positives
>
>     matthias@dnswl.org<ma...@dnswl.org>| Twitter:
>     @dnswlorg<https://twitter.com/dnswlorg>
>