You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sysadmins@spamassassin.apache.org by "Kevin A. McGrail" <ke...@mcgrail.com> on 2017/11/07 13:16:14 UTC
Re: SRX1403554742ID - FW: Mailserver at 52.169.9.191
+Apache SpamAssassin SysAdmins & bcc'ing Ross Gardler
Thank you, Ralph. Can you ask the CERT team to respond with the
resolution/response please so we know if it's an error by a researcher,
an active attack, etc. so we can respond appropriately? It appears the
box is offlined which is good too! Appreciate the fast response.
Regards,
KAM
On 11/7/2017 5:38 AM, Microsoft Online Safety wrote:
>
> Hi ,
>
> Based on the information you have provided, this may have originated
> from an account hosted on Microsoft Azure.
>
> We forwarded your complaint to the CERT team for review and action.
>
> Should you encounter additional reports from the same IP, send them
> directly to Cert@Microsoft.com.
>
> Additional information about Azure related issues can be found at this
> link https://portal.msrc.microsoft.com/en-us/engage/cars
>
> Kindly,
>
> Ralph
>
> Microsoft Online Safety
>
>
> ------------------------------------------------------------------------
>
>
> --- Original Message ---
> *From* : "MS Online Customer Service (abuse)"
> *Sent* : Tuesday, November 7, 2017 3:43:28 AM UTC
> *To* :
> "MOSAF.MREA.WW.00.EN.CVG.MNL.AU.T01.SPT.SG.EM@css.one.microsoft.com"
> *Subject* : FW: Mailserver at 52.169.9.191
>
> *From:*Kevin A. McGrail [mailto:kevin.mcgrail@mcgrail.com]
> *Sent:* Monday, November 6, 2017 7:35 PM
> *To:* Matthias Leisi <ma...@dnswl.org>;
> andrewvwebber@googlemail.com; MS Online Customer Service (abuse)
> <ab...@microsoft.com>
> *Subject:* Re: Mailserver at 52.169.9.191
>
> +Microsoft Abuse:
>
> After further research the machine at 52.169.9.191 is causing 2/3's of
> our SpamAssassin Update server traffic for the last month. Please
> rectify this immediately.
>
> Regards
> KAM
>
> On 11/5/2017 3:30 PM, Matthias Leisi wrote:
>
> Hello,
>
> We run one of the mirrors used by sa-update. From our logs, we see
> that the IP address 52.169.9.191 (which seems to be
> mail.brainloopdevops.com<http://mail.brainloopdevops.com/>, and
> for which whois shows your email address) runs sa-update about
> once every three seconds. Generally, once a day is the suggested
> update frequency (https://wiki.apache.org/spamassassin/RuleUpdates).
>
> Please change the update frequency to an acceptable level.
>
> Regards,
>
> — Matthias, for the dnswl.org<http://dnswl.org/> project
>
> <https://www.dnswl.org/>
>
> Matthias Leisi, Project Leader dnswl.org<https://www.dnswl.org/>
> Mail reputation – Protect against false positives
>
> matthias@dnswl.org<ma...@dnswl.org>| Twitter:
> @dnswlorg<https://twitter.com/dnswlorg>
>