my "BFFs" @ M$'s *.outlook.com have decided over the last month or so to send
many 10K's of these
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]:
CONNECT from [52.101.56.17]:32607 to [209.123.234.54]:25
2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS
NEW [52.101.56.17]:32607
2023-08-14T13:12:00.058029-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: connect from
mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]
2023-08-14T13:12:00.118201-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: Anonymous TLS connection established
from mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]:
TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2023-08-14T13:12:00.131049-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: disconnect from
mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17] ehlo=1
starttls=1 quit=1 commands=3
they come in frequent waves of ~5-10 from countless different outlook.com hosts -- but,
so far, these waves (and totals) are ONLY from outlook.com -- getting by postscreen cache
after expire with "PASS NEW".
i never receive content with these; i just see the connect->disconnect
sequence. protections appear to be doing what they should.
OK mail from outlook does make it's way thru; e.g., since Monday,
xzegrep "250 2.0.0 Queued as.*outbound.protection.outlook.com"
/var/log/postfix/postfix.log | wc -l
4343
any wisdom as to what this M$ noise is ? and what (else) to do about it? if
anything ...
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
