spamassassin-sysadmins mailing list archives

From "Kevin A. McGrail" <>
Subject Re: Mailserver at
Date Tue, 07 Nov 2017 13:11:11 GMT

Hi Matthias,

It's the only time I have ever seen it abused, to be honest. I added the 
Azure abuse team so it should get resolved and they responded that they 
are escalating it to their CERT team. Plus I am curious what the hell is 
going on so I'll ask them to follow up.

How did you figure out it was the brain dev company, btw? I didn't see 
the connection.  Also, I think they had a webmail interface up at and it 
appears to be offline now. Guessing the abuse team cut the machine off.

I did an outright drop on the IP.  I just removed it and appear to no 
longer have the 3 second monster.  Thanks for noticing it.

One thing that would be cool is a heat-map/aggregation of the sa-update 
data which might also find issues like this but also show useful 
information like where our sa-update mirrors are getting used most, 
identify the actual aggregated load, etc.  Thoughts?


On November 6, 2017 10:51:10 PM PST, Matthias Leisi <> 

    Btw., I 403’d this IP in my local config.

    Maybe we could distribute a .htaccess file with the update files as
    a workaround for such issues?

    — Matthias

    Matthias Leisi, Project Leader <>
    Mail reputation – Protect against false positives <> | Twitter: @dnswlorg

>     On 07.11.2017 at 04:35, Kevin A. McGrail
>     < <>> wrote:
>     +Microsoft Abuse:
>     After further research the machine at is causing
>     2/3's of our SpamAssassin Update server traffic for the last
>     month.  Please rectify this immediately.
>     Regards
>     KAM
>     On 11/5/2017 3:30 PM, Matthias Leisi wrote:
>>     Hello,
>>     We run one of the mirrors used by sa-update. From our logs, we
>>     see that the IP address (which seems to be
>> <>, and
>>     for which whois shows your email address) runs sa-update about
>>     once every three seconds. Generally, once a day is the suggested
>>     update frequency (
>>     Please change the update frequency to an acceptable level.
>>     Regards,
>>     — Matthias, for the <> project
>>     Matthias Leisi, Project Leader <>
>>     Mail reputation – Protect against false positives
>> <> | Twitter:
>>     @dnswlorg <>
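
Added example, not part of the original thread: one way to build the per-client aggregation of mirror access logs suggested above, reporting each client's share of requests and its median polling interval. The log lines, addresses, path and the one-hour flagging threshold are constructed assumptions, and the log format is assumed to be Apache/nginx "combined".

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Leading fields of an Apache/nginx "combined" access log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')

# Constructed sample: one client polling every 3 seconds, three clients
# fetching once each. Addresses are documentation ranges, path is made up.
SAMPLE = [
    f'192.0.2.10 - - [05/Nov/2017:10:00:{s:02d} +0000] '
    '"GET /constructed/update.tar.gz HTTP/1.1" 200 512 "-" "-"'
    for s in range(0, 18, 3)
] + [
    f'198.51.100.{n} - - [05/Nov/2017:0{n}:15:00 +0000] '
    '"GET /constructed/update.tar.gz HTTP/1.1" 200 512 "-" "-"'
    for n in (1, 2, 3)
]

def aggregate(lines):
    """Map client IP -> sorted request times, skipping malformed lines."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append(ts)
    return {ip: sorted(times) for ip, times in hits.items()}

def report(lines, min_gap_seconds=3600, min_requests=3):
    """Rows sorted by request count; flag clients polling faster than the
    assumed threshold (min_gap_seconds is a hypothetical local policy)."""
    hits = aggregate(lines)
    total = sum(len(t) for t in hits.values())
    rows = []
    for ip, times in hits.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        rows.append({
            "ip": ip, "requests": len(times), "share": len(times) / total,
            "median_gap": med,
            "flagged": len(times) >= min_requests and med is not None
                       and med < min_gap_seconds,
        })
    return sorted(rows, key=lambda r: r["requests"], reverse=True)

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Summing the `share` column per network or per mirror gives the aggregated load view; the `flagged` rows are the candidates for a contact attempt or a local block.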
