Dear list,

One of my users is reading e-mail from his phone. When he logs in, this is what I see in my logs:

Apr 10 16:17:58 auth-worker(17101): Debug: sql(xxx at mydomain.tld,52.184.164.73): query: SELECT email as user, password FROM users WHERE email = LOWER('xxx at mydomain.tld')
[...]
Apr 10 16:17:58 imap-login: Info: Login: user=<xxx at mydomain.tld>, method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19286, TLS, session=<E6cEB4BprgA0uKRJ>

Both lines show a remote IP of 52.184.164.73, which is strange since all my users are, and connect from, Algeria. According to the ispinfo website (http://www.ispinfo.net/isp/52.184.164.73.html), this IP belongs to Microsoft.

Could it be that the outlook app uses microsoft's servers to fetch the mail before handing them to the user?

Daniel.

daniel_1983 at protonmail.com wrote:
> Could it be that the outlook app uses microsoft's servers to fetch the
> mail before handing them to the user?

Yes, this is the case. Have a little web search for "microsoft outlook app security risk" to see the implications.

Regards,
Sven.

--
Sigmentation fault. Core dumped.

Thanks for confirming this Sven.

I took your advice and found out that according to the fastcompany website, the app stores messages on third party servers and sends password information back to microsoft (annotated source: https://genius.it/14327807/www.fastcompany.com/3042238/microsofts-new-outlook-app-isnt-safe-for-government-email)

I spotted a couple other IP addresses that also belong to them and are used to access my users' mailboxes (and possibly passwords!)

http://www.ispinfo.net/isp/52.232.250.20.html
http://www.ispinfo.net/isp/40.123.47.209.html

Daniel

Sent with ProtonMail Secure Email.

------- Original Message -------
On April 15, 2018 11:37 AM, Sven Hartge <sven at svenhartge.de> wrote:

> daniel_1983 at protonmail.com wrote:
>
> > Could it be that the outlook app uses microsoft's servers to fetch the
> > mail before handing them to the user?
>
> Yes, this is the case. Have a little web search for "microsoft outlook
> app security risk" to see the implications.
>
> Regards,
> Sven.
>
> --
> Sigmentation fault. Core dumped.
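
One way to find every login that arrived from those relay addresses, as an added example that is not part of the original messages: it parses imap-login lines in the format quoted above and reports, per user, remote IPs that are on a watch list or outside the expected networks. `EXPECTED_NETS`, the `yyy` user and every sample line except the first are constructed assumptions; the watch list holds only the three addresses named in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the Dovecot imap-login line format quoted in the thread.
LOGIN_RE = re.compile(r"imap-login: Info: Login: user=<(?P<user>[^>]+)>, "
                      r"method=(?P<method>[\w-]+), rip=(?P<rip>[0-9a-fA-F.:]+),")
# Assumption: networks the users normally connect from (constructed placeholders).
EXPECTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.10.10.0/24")]
# The three addresses named in the thread, as single-host watch entries.
WATCHED_NETS = [ipaddress.ip_network(n) for n in
                ("52.184.164.73/32", "52.232.250.20/32", "40.123.47.209/32")]

def classify(rip):
    addr = ipaddress.ip_address(rip)  # raises ValueError on a malformed address
    if any(addr in net for net in WATCHED_NETS):
        return "watched"
    if any(addr in net for net in EXPECTED_NETS):
        return "expected"
    return "unexpected"

def audit(lines):
    """Return {user: {rip: {'verdict', 'method', 'count'}}} for logins worth a look."""
    findings = defaultdict(dict)
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # auth-worker debug lines and other services are skipped
        try:
            verdict = classify(m["rip"])
        except ValueError:
            verdict = "unparseable"
        if verdict == "expected":
            continue
        entry = findings[m["user"]].setdefault(
            m["rip"], {"verdict": verdict, "method": m["method"], "count": 0})
        entry["count"] += 1
    return dict(findings)

# Constructed sample: the first line is the one from the thread, the rest are invented.
SAMPLE_LOG = [
    "Apr 10 16:17:58 imap-login: Info: Login: user=<xxx at mydomain.tld>, method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19286, TLS, session=<E6cEB4BprgA0uKRJ>",
    "Apr 10 16:20:01 imap-login: Info: Login: user=<xxx at mydomain.tld>, method=LOGIN, rip=52.184.164.73, lip=10.10.10.19, mpid=19301, TLS, session=<constructed1>",
    "Apr 10 16:21:44 imap-login: Info: Login: user=<yyy at mydomain.tld>, method=PLAIN, rip=192.0.2.10, lip=10.10.10.19, mpid=19310, TLS, session=<constructed2>",
    "Apr 10 16:25:09 imap-login: Info: Login: user=<yyy at mydomain.tld>, method=PLAIN, rip=198.51.100.7, lip=10.10.10.19, mpid=19322, TLS, session=<constructed3>",
]
if __name__ == "__main__":
    for user, ips in audit(SAMPLE_LOG).items():
        print(user, ips)
```

Users who show up with a "watched" verdict are the ones whose credentials were presented by a third-party address, which makes them the candidates for a password change.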