52.184.164.73 in my logs
Dear list,
One of my users is reading e-mail from his phone. When he logs in, this is what I see in my logs:
Apr 10 16:17:58 auth-worker(17101): Debug: sql(xxx@mydomain.tld,52.184.164.73): query: SELECT email as user, password FROM users WHERE email = LOWER('xxx@mydomain.tld')
[...]
Apr 10 16:17:58 imap-login: Info: Login: user=xxx@mydomain.tld, method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19286, TLS, session=<E6cEB4BprgA0uKRJ>
Both lines show a remote IP of 52.184.164.73, which is strange since all my users are, and connect from, Algeria. According to the ispinfo website (http://www.ispinfo.net/isp/52.184.164.73.html), this IP belongs to Microsoft.
Could it be that the Outlook app uses Microsoft's servers to fetch the mail before handing them to the user?
Daniel.
daniel_1983@protonmail.com wrote:
> Could it be that the Outlook app uses Microsoft's servers to fetch the mail before handing them to the user?
Yes, this is the case. Have a little web search for "microsoft outlook app security risk" to see the implications.
Regards, Sven.
--
Sigmentation fault. Core dumped.
Thanks for confirming this, Sven. I took your advice and found out that, according to the fastcompany website, the app stores messages on third-party servers and sends password information back to Microsoft (annotated source: https://genius.it/14327807/www.fastcompany.com/3042238/microsofts-new-outloo...)
I spotted a couple other IP addresses that also belong to them and are used to access my users' mailboxes (and possibly passwords!)
http://www.ispinfo.net/isp/52.232.250.20.html
http://www.ispinfo.net/isp/40.123.47.209.html
Daniel
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On April 15, 2018 11:37 AM, Sven Hartge sven@svenhartge.de wrote:
> daniel_1983@protonmail.com wrote:
>> Could it be that the Outlook app uses Microsoft's servers to fetch the
>> mail before handing them to the user?
> Yes, this is the case. Have a little web search for "microsoft outlook
> app security risk" to see the implications.
> Regards,
> Sven.
> Sigmentation fault. Core dumped.
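An added example, not part of the original thread: one way to list which users have logged in from addresses outside the networks an administrator expects, by parsing Dovecot `imap-login` lines like the one quoted in the first message. The `EXPECTED_NETS` ranges, the function name and all sample lines except the first login line are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks your users normally connect from (constructed,
# RFC 5737 documentation ranges). Replace with your ISPs' real prefixes.
EXPECTED_NETS = [ipaddress.ip_network(n)
                 for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Successful-login lines only; user= may or may not be wrapped in <>.
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Info: Login: "
    r"user=<?(?P<user>[^>,\s]+)>?,.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)"
)

def unexpected_logins(lines, expected=EXPECTED_NETS):
    """Return {user: sorted remote IPs that fall outside `expected`}."""
    hits = defaultdict(set)
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # auth-worker debug lines, failed logins, etc.
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field
        if not any(rip in net for net in expected):
            hits[m.group("user")].add(str(rip))
    return {user: sorted(ips) for user, ips in hits.items()}

# First login line is the one from the thread; the rest are constructed.
SAMPLE_LOG = """\
Apr 10 16:17:58 auth-worker(17101): Debug: sql(xxx@mydomain.tld,52.184.164.73): query: SELECT ...
Apr 10 16:17:58 imap-login: Info: Login: user=xxx@mydomain.tld, method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19286, TLS, session=<E6cEB4BprgA0uKRJ>
Apr 10 16:20:03 imap-login: Info: Login: user=<yyy@mydomain.tld>, method=PLAIN, rip=198.51.100.7, lip=10.10.10.19, mpid=19301, TLS, session=<constructed1>
Apr 10 16:21:40 imap-login: Info: Login: user=<xxx@mydomain.tld>, method=PLAIN, rip=52.232.250.20, lip=10.10.10.19, mpid=19310, TLS, session=<constructed2>
""".splitlines()

if __name__ == "__main__":
    for user, ips in unexpected_logins(SAMPLE_LOG).items():
        print(user, ", ".join(ips))
```

A user who shows up here has a client or relay service authenticating on their behalf with their real password, so the follow-up is a password change plus a check of which mail app they use.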