Email Security.cloud


Customer of MessageLabs (Email Security.cloud) sending out spam?

  • 1.  Customer of MessageLabs (Email Security.cloud) sending out spam?

    Posted Jan 29, 2014 11:59 AM
    Funny posting this here, since I was with SYMC till just a few months back... but here it goes.

    Our anti-spam appliance is blocking several IPs of MessageLabs since it is sending spam to us; this client is sending out a lot of similar e-mails to non-existent addresses on our side. Hence the anti-spam appliance on our side sees this as malicious behaviour and temporarily blocks your IP of that particular sending server. Since you of course use a lot of load-balanced servers, we block a lot of them, impacting other customers of this platform, which is a bad thing. And it impacts the reputation of a great hosted platform that you guys and gals have.

    Just as a small part of the info:

    sending IP: 216.82.243.199 (reverse: mail1.bemta8.messagelabs.com)
    sending IP: 216.82.243.197 (reverse: mail1.bemta8.messagelabs.com)
    sending IP: 216.82.254.101 (reverse: mail1.bemta7.messagelabs.com)

    to addresses that seem to be generated by code; at least the start of these are:

    BudMsite023@[insert our domain]
    BudMsite028@[insert our domain]
    BudMsite095@[insert our domain]

    Sender is claimed to be BudgetConfirmations@budgetgroup.com - but can very well be spoofed of course.


  • 2.  RE: Customer of MessageLabs (Email Security.cloud) sending out spam?

    Posted Feb 07, 2014 06:26 AM
    We are seeing the issue reappear again. Logs from our gateway (times are GMT -05:00):

    Fri Feb 7 05:34:26 2014 Info: New SMTP ICID 448505658 interface Data 1 (172.18.254.20) address 216.82.251.11 reverse dns host mail1.bemta12.messagelabs.com verified yes
    Fri Feb 7 05:34:26 2014 Info: ICID 448505658 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.5
    Fri Feb 7 05:34:26 2014 Info: Start MID 114112239 ICID 448505658
    Fri Feb 7 05:34:26 2014 Info: MID 114112239 ICID 448505658 From: <BudgetConfirmations@budgetgroup.com>
    Fri Feb 7 05:34:26 2014 Info: MID 114112239 ICID 448505658 To: <BudMsite017@mt.com> Rejected by LDAPACCEPT
    Fri Feb 7 05:34:31 2014 Info: Message aborted MID 114112239 Receiving aborted by sender
    Fri Feb 7 05:34:31 2014 Info: Message finished MID 114112239 aborted
    Fri Feb 7 05:34:31 2014 Info: ICID 448505658 close
    Fri Feb 7 05:37:13 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.4', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.4, ICID 448507806
    Fri Feb 7 05:37:18 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.8', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.8, ICID 448507895
    Fri Feb 7 05:37:33 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.17', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.17, ICID 448507895

    Please inform your client that sending SPAM is not really nice. And that it causes anti-spam solutions to block the complete MessageLabs platform.
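
Added example, not part of the original posts and not vendor code: a small Python parser for gateway log lines in the format quoted above. It groups LDAPACCEPT rejections and Directory Harvest Attack drops by reverse-DNS host and keeps the envelope sender, which is the evidence a shared relay operator needs to find the responsible customer. The function name `summarize` and the report layout are assumptions; the sample lines are copied from the post above.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the post above.
SAMPLE_LOG = """\
Fri Feb 7 05:34:26 2014 Info: New SMTP ICID 448505658 interface Data 1 (172.18.254.20) address 216.82.251.11 reverse dns host mail1.bemta12.messagelabs.com verified yes
Fri Feb 7 05:34:26 2014 Info: Start MID 114112239 ICID 448505658
Fri Feb 7 05:34:26 2014 Info: MID 114112239 ICID 448505658 From: <BudgetConfirmations@budgetgroup.com>
Fri Feb 7 05:34:26 2014 Info: MID 114112239 ICID 448505658 To: <BudMsite017@mt.com> Rejected by LDAPACCEPT
Fri Feb 7 05:37:13 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.4', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.4, ICID 448507806
Fri Feb 7 05:37:18 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.8', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.8, ICID 448507895
Fri Feb 7 05:37:33 2014 Warning: Dropping connection due to potential Directory Harvest Attack from host=('216.82.251.17', 'mail1.bemta12.messagelabs.com'), dhap_limit=25, sender_group=UNKNOWNLIST, listener=IncomingMail, reverse_dns=216.82.251.17, ICID 448508100
"""

NEW_CONN = re.compile(r"New SMTP ICID (\d+) .* address (\S+) reverse dns host (\S+)")
SENDER = re.compile(r"ICID (\d+) From: <([^>]*)>")
REJECT = re.compile(r"ICID (\d+) To: <([^>]*)> Rejected by LDAPACCEPT")
DHAP = re.compile(r"Directory Harvest Attack from host=\('([^']+)', '([^']+)'\)")


def summarize(log_text):
    """Return {reverse_dns_host: {ips, senders, rejected, dhap_drops}}."""
    conn = {}    # ICID -> (remote IP, reverse DNS host)
    sender = {}  # ICID -> envelope sender seen on that connection
    report = defaultdict(
        lambda: {"ips": set(), "senders": set(), "rejected": [], "dhap_drops": 0}
    )
    for line in log_text.splitlines():
        if m := NEW_CONN.search(line):
            conn[m.group(1)] = (m.group(2), m.group(3))
        elif m := SENDER.search(line):
            sender[m.group(1)] = m.group(2)
        elif m := REJECT.search(line):
            # Tie the rejected recipient back to the connecting relay and sender.
            ip, rdns = conn.get(m.group(1), ("unknown", "unknown"))
            entry = report[rdns]
            entry["ips"].add(ip)
            entry["rejected"].append(m.group(2))
            if m.group(1) in sender:
                entry["senders"].add(sender[m.group(1)])
        elif m := DHAP.search(line):
            # DHAP warnings carry the host tuple directly, no ICID lookup needed.
            entry = report[m.group(2)]
            entry["ips"].add(m.group(1))
            entry["dhap_drops"] += 1
    return dict(report)


if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, sorted(info["ips"]), sorted(info["senders"]), info["dhap_drops"])
```

Grouping by reverse-DNS host rather than by IP makes it visible that all the dropped connections come from one load-balanced relay pool relaying mail for a single envelope sender.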