Issue or by design? outbound.protection.outlook.com knocking on port25?

elmarconi

Well-Known Member
Nov 28, 2017
52
15
48
57
I am experiencing some strange logging:

Jul 14 19:14:53 PMG8-CT postfix/postscreen[27294]: CONNECT from [52.101.81.94]:30283 to [192.168.12.34]:25
Jul 14 19:14:53 PMG8-CT postfix/postscreen[27294]: PASS OLD [52.101.81.94]:30283
Jul 14 19:14:54 PMG8-CT postfix/smtpd[27297]: connect from mail-swedencentralazon11021094.outbound.protection.outlook.com[52.101.81.94]
Jul 14 19:14:54 PMG8-CT postfix/smtpd[27297]: disconnect from mail-swedencentralazon11021094.outbound.protection.outlook.com[52.101.81.94] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:14:54 PMG8-CT postfix/postscreen[27294]: CONNECT from [52.101.81.87]:63984 to [192.168.12.34]:25
Jul 14 19:15:00 PMG8-CT postfix/postscreen[27294]: PASS NEW [52.101.81.87]:63984
Jul 14 19:15:00 PMG8-CT postfix/smtpd[27297]: connect from mail-swedencentralazon11021087.outbound.protection.outlook.com[52.101.81.87]
Jul 14 19:15:00 PMG8-CT postfix/postscreen[27294]: CONNECT from [52.101.81.73]:1895 to [192.168.12.34]:25
Jul 14 19:15:00 PMG8-CT postfix/smtpd[27297]: disconnect from mail-swedencentralazon11021087.outbound.protection.outlook.com[52.101.81.87] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:15:06 PMG8-CT postfix/postscreen[27294]: PASS NEW [52.101.81.73]:1895
Jul 14 19:15:06 PMG8-CT postfix/smtpd[27297]: connect from mail-swedencentralazon11021073.outbound.protection.outlook.com[52.101.81.73]
Jul 14 19:15:06 PMG8-CT postfix/postscreen[27294]: CONNECT from [52.101.81.89]:4684 to [192.168.12.34]:25
Jul 14 19:15:06 PMG8-CT postfix/smtpd[27297]: disconnect from mail-swedencentralazon11021073.outbound.protection.outlook.com[52.101.81.73] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:15:12 PMG8-CT postfix/postscreen[27294]: PASS NEW [52.101.81.89]:4684
Jul 14 19:15:13 PMG8-CT postfix/smtpd[27297]: connect from mail-swedencentralazon11021089.outbound.protection.outlook.com[52.101.81.89]
Jul 14 19:15:13 PMG8-CT postfix/smtpd[27297]: disconnect from mail-swedencentralazon11021089.outbound.protection.outlook.com[52.101.81.89] ehlo=1 starttls=1 quit=1 commands=3

And the sequence repeats after some 5 10 minutes:

Jul 14 19:25:14 PMG8-CT postfix/postscreen[30398]: CONNECT from [52.101.82.121]:5050 to [192.168.12.34]:25
Jul 14 19:25:20 PMG8-CT postfix/postscreen[30398]: PASS NEW [52.101.82.121]:5050
Jul 14 19:25:20 PMG8-CT postfix/smtpd[30420]: connect from mail-swedencentralazon11022121.outbound.protection.outlook.com[52.101.82.121]
Jul 14 19:25:20 PMG8-CT postfix/smtpd[30420]: disconnect from mail-swedencentralazon11022121.outbound.protection.outlook.com[52.101.82.121] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:25:20 PMG8-CT postfix/postscreen[30398]: CONNECT from [52.101.82.123]:54450 to [192.168.12.34]:25
Jul 14 19:25:20 PMG8-CT postfix/postscreen[30398]: PASS OLD [52.101.82.123]:54450
Jul 14 19:25:20 PMG8-CT postfix/smtpd[30420]: connect from mail-swedencentralazon11022123.outbound.protection.outlook.com[52.101.82.123]
Jul 14 19:25:21 PMG8-CT postfix/postscreen[30398]: CONNECT from [52.101.82.129]:57445 to [192.168.12.34]:25
Jul 14 19:25:21 PMG8-CT postfix/smtpd[30420]: disconnect from mail-swedencentralazon11022123.outbound.protection.outlook.com[52.101.82.123] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:25:21 PMG8-CT postfix/postscreen[30398]: PASS OLD [52.101.82.129]:57445
Jul 14 19:25:21 PMG8-CT postfix/smtpd[30420]: connect from mail-swedencentralazon11022129.outbound.protection.outlook.com[52.101.82.129]
Jul 14 19:25:21 PMG8-CT postfix/smtpd[30420]: disconnect from mail-swedencentralazon11022129.outbound.protection.outlook.com[52.101.82.129] ehlo=1 starttls=1 quit=1 commands=3
Jul 14 19:25:21 PMG8-CT postfix/postscreen[30398]: CONNECT from [52.101.82.121]:54071 to [192.168.12.34]:25
Jul 14 19:25:21 PMG8-CT postfix/postscreen[30398]: PASS OLD [52.101.82.121]:54071
Jul 14 19:25:21 PMG8-CT postfix/smtpd[30420]: connect from mail-swedencentralazon11022121.outbound.protection.outlook.com[52.101.82.121]
Jul 14 19:25:21 PMG8-CT postfix/smtpd[30420]: disconnect from mail-swedencentralazon11022121.outbound.protection.outlook.com[52.101.82.121] ehlo=1 starttls=1 quit=1 commands=3

This IP-block 52.101.82.0/24 seems Microsoft, as indicated by the hostnames: mail-swedencentralazon11022xyz.outbound.protection.outlook.com, with the xyx being the last octet of the ip-adres.
Anyone care to comment what is going on?
 
Last edited: