From: Jim Lohiser
To: "surgemail-list@netwin.co.nz" <surgemail-list@netwin.co.nz>
Subject: [SurgeMail List] g_breakin and Google
Date: Thu, 31 Oct 2019 16:38:16 +0000
NetWin,
We had an unusual circumstance today. A customer was attempting to send an email through a mailbox on our system using Gmail. Not the app but the actual Gmail service (according to the customer). In the security logs for this user, we see a number of different Google IP addresses that are trying to log in (see excerpt below).
I know that I can whitelist a user using g_breakin_white. Is there a way to whitelist an IP block from triggering g_breakin_white? I would like to simply add these subnets so it does not trip g_breakin for any users.
2019-10-23 09:52:02.00 smtp: Spammer sending detected on 209.85.217.53 from multiple ip addresses (8)
2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.51 from multiple ip addresses (8)
2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.47 from multiple ip addresses (8)
2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.45 from multiple ip addresses (8)
2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.49 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.43 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.49 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.41 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.52 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.44 from multiple ip addresses (8)
2019-10-23 09:52:04.00 smtp: Spammer sending detected on 209.85.217.52 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.52 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.48 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.46 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.46 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.51 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.42 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.41 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.51 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.43 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.222.48 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.52 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.210.44 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.51 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.51 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.219.181 from multiple ip addresses (8)
Jim Lohiser
N2Net
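
Added example (not part of the original message and not SurgeMail code): before allowlisting whole subnets, it helps to see which networks the detections actually came from and whether a candidate range covers all of them. The sketch below parses log lines in the format of the excerpt above, groups the source addresses by /24, and reports any address outside a candidate range. The function names are hypothetical, the range 209.85.128.0/17 is an assumption to be checked against the provider's published sender ranges, and the final sample line (198.51.100.23) is constructed to show an uncovered hit.

```python
import ipaddress
import re
from collections import Counter

# Sample lines: the first five are taken from the excerpt, the last is constructed.
SAMPLE_LOG = """\
2019-10-23 09:52:02.00 smtp: Spammer sending detected on 209.85.217.53 from multiple ip addresses (8)
2019-10-23 09:52:03.00 smtp: Spammer sending detected on 209.85.217.51 from multiple ip addresses (8)
2019-10-30 23:31:16.00 smtp: Spammer sending detected on 209.85.222.52 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.161.52 from multiple ip addresses (8)
2019-10-30 23:31:17.00 smtp: Spammer sending detected on 209.85.219.181 from multiple ip addresses (8)
2019-10-30 23:31:18.00 smtp: Spammer sending detected on 198.51.100.23 from multiple ip addresses (8)
"""

# Assumed candidate range; verify against the provider's published ranges.
CANDIDATE_RANGES = ["209.85.128.0/17"]

LINE_RE = re.compile(
    r"^\S+ \S+ smtp: Spammer sending detected on (\S+) "
    r"from multiple ip addresses \(\d+\)$"
)

def parse_hits(text):
    """Return the source address of every well-formed detection line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # some other log line
        try:
            hits.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # matched the pattern but is not a valid address
    return hits

def by_subnet(hits, prefix=24):
    """Count detections per enclosing network (IPv4 /24 by default)."""
    return Counter(
        ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in hits
    )

def uncovered(hits, candidate_cidrs):
    """Addresses that no candidate range contains; review these separately."""
    nets = [ipaddress.ip_network(c) for c in candidate_cidrs]
    return sorted({ip for ip in hits if not any(ip in n for n in nets)})

if __name__ == "__main__":
    hits = parse_hits(SAMPLE_LOG)
    for net, count in sorted(by_subnet(hits).items()):
        print(f"{net}: {count}")
    print("outside candidate ranges:", [str(ip) for ip in uncovered(hits, CANDIDATE_RANGES)])
```

Any address reported as outside the candidate ranges should be investigated on its own rather than folded into a wider allowlist entry.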