I must admit I like http://126.com 's #spf/#dkim failure reports. They've taken care to include all relevant headers https://home.nuug.no/~peter/20171213_126.com_spf.dkim.failure.report.txt so I can use the report to blacklist the offending IP address *and* add the faked sender to my spamtraps at https://www.bsdly.net/~peter/traplist.shtml (also see http://bsdly.blogspot.no/2013/04/maintaining-publicly-available.html for the blacklist maintenance principles).
It looks like at least part of the reason is that end user products ship with a default configuration that has admin as sole user with admin as the password, see e.g. http://19216811.wiki/default-router-passwords/. And apparently a lot of rpis out there run with the pi user still enabled (guess the password!). I get a lot of those too.
Looking at my sshd auth logs, I see almost as many attempts at admin as root. Was there ever a Unix variety where admin was a common username, or are we just seeing that it's early in their dictionary and all they get around to before the auto-LART? (as in http://bsdly.blogspot.no/2017/04/forcing-password-gropers-through.html or https://home.nuug.no/~peter/pf/en/bruteforce.html)
pledge() work in progress https://undeadly.org/cgi?action=article;sid=20171208082246
arm64 platform now officially supported [and has syspatch(8)] https://undeadly.org/cgi?action=article;sid=20171208082238
In the continuing series "Robots operated by morons", I respectfully submit https://home.nuug.no/~peter/spam-and-scams/20171127_access_blocked.png, text version https://home.nuug.no/~peter/spam-and-scams/20171127_access_blocked.txt (with full headers included of course) https://mastodon.social/media/TRTTroISQNr7wi4pEmA
Official OpenBSD 6.2 CD set - the only one to be made! https://undeadly.org/cgi?action=article;sid=20171118190325
p2k17 Hackathon report: Florian Obser on network stack progress, kernel relinking and more https://undeadly.org/cgi?action=article;sid=20171113235334
p2k17 Hackathon Report: Landry Breuil on Mozilla things and much more
They really are quite cute sometimes, https://home.nuug.no/~peter/spam-and-scams/urgent_server_warning_20171112.png - with full headers at https://home.nuug.no/~peter/spam-and-scams/2017112_urgent_server_warning_shutdown_account_peter_at_bsdly_dot_net.txt
Please remember that fun and useful things like https://www.bsdly.net/~peter/traplist.shtml exist because #OpenBSD made them possible (an incomplete list of innovations is up at https://www.openbsd.org/innovations.html). So if you benefit from any of this, please donate, see the options listed at https://www.openbsd.org/donations.html.
Today the total number of spamtraps at https://www.bsdly.net/~peter/traplist.shtml rolled past 40k, mainly due to some dimwit feeding a DOS-style file to a Unix program, producing some hilarious invalid usernames used to try to log in to one of my boxes. Blacklisted hosts hover around 27k.
To view the full list, see https://www.bsdly.net/~peter/sortlist.txt (also included in the page). Your browser will semi-correctly interpret some entries as HTML tags and does not render the full page (for why see https://bsdly.blogspot.no/2016/12/so-somebody-is-throwing-html-at-your.html).
p2k17 Hackathon Report: Anthony J. Bentley on firmware, games and securing pkg_add runs https://undeadly.org/cgi?action=article;sid=20171110124656
p2k17 Hackathon report: Sebastian Reitenbach on Puppet progress https://undeadly.org/cgi?action=article;sid=20171110124645
p2k17 Hackathon report: Christian Weisgerber on random devices, build failures and gettext https://undeadly.org/cgi?action=article;sid=20171109171447
p2k17: Herzliche grusse vom Berlin (espie@ on mandoc, misc packages progress) https://undeadly.org/cgi?action=article;sid=20171107185122
What looks to be a new phishing round sends mail from DocumentSend@yourdomain.tld. Greylist dump from here at https://home.nuug.no/~peter/documentsend_20171107.txt - could be more out there, developing.
Do you use #OpenBSD? Or #OpenSSH, #LibreSSL or #PF (on any platform)? Then donating to the OpenBSD Foundation is a good thing: http://www.openbsdfoundation.org/campaign2017.html. If you need more reasons, here's my "OpenBSD and you" presentation: https://home.nuug.no/~peter/openbsd_and_you/
WARNING: There are people in charge of mail infrastructure that are ignorant enough to ask for copies of messages *with headers and body* when confronted with the scenario described in http://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.html