-
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
How difficult is it to host a production grade GitHub or Gitlab server with only 1 engineer for 2000 developers?
Anyone with experience handling this? Is having one engineer enough? My organisation is not allowing us to hire more engineer.
https://redd.it/1kj9yac
@r_systemadmin
How many computers (working or not) do you have sitting around at home?
I write this question staring at a pile of retired laptops
https://redd.it/1kj8im0
@r_systemadmin
Is it normal to have a massive address space like this
I mean like a /8 subnet, containing smaller DHCP scopes for vlans (like a /27.) Networking isn't my strong point, but this practice seems odd to me. This is for a 50 person office.
https://redd.it/1kix2hj
@r_systemadmin
FYI - SharePoint Admin and user pages authentication issues
West US - our Help Desk just started blowing up with calls about SharePoint being unavailable.
It looks like SharePoint Admin is down. Intermittent issues accessing SharePoint sites, doesn’t matter if you cycle your tokens. You might get redirected to “something went wrong” or end up reaching your desired page.
There isn’t currently anything on Microsoft Health about this issue.
https://redd.it/1kis35v
@r_systemadmin
Just a reminder that this is a sys admin sub and not help desk
I know this is nothing new but the top post with over 400 comments right now is complaining about end users from someone who is clearly help desk and not a sys admin. Not a single comment in there mentioning it's the complete wrong sub, because it seems everyone posting in there is also a help desk agent and not a sys admin.
Can someone explain why they post here and not any of the many help desk subs? If I wanted to hear about end users or help desk issues I'd go to those subs, not here.
Edit: since a lot of people are saying that people often do both - I get that but that's still not a reason to post help desk stuff here. If I was a sys admin in a small company that also mowed the office lawns, I wouldn't post about lawn mowing in this sub, I'd post in the appropriate sub.
Edit2: seems this post triggered a lot of lost help desk agents in the wrong sub. Ah well, look forward to the continued "I hate end users" posts by people choosing to work in a service industry and hating the people that keep them employed. Hopefully one day a true sysadmin sub pops up.
https://redd.it/1kisw1a
@r_systemadmin
Passwords from DinoPass are "too complex" for users
New hire passwords aren't autogenerated and I have to set them manually. We have literally no guidelines on this, just that they have the basics (number, letter, symbol, 12 characters, upper/lowercase). So I've been going to DinoPass, generating a password, dressing it up a little, making sure it's easy to type, and then passing it off to who does the onboarding and tech training.
Today, I got an email that I don't have to make passwords "so complex" and to "keep it simple" (paraphrasing, there was more). For reference, this is a hypothetical password I would send out: 0F4ncy*5h1p.
They'll have to type that twice. Once during initial login and then once to set a new one. I just like to have a little fun with it, and I always make sure they're easy to read, say and type. I know others on the team tend to use the same password every time, but imo it's a bad habit and all of their generics are genuinely slow and nightmarish to type. But I haven't heard any complaints towards them from the same person.
I almost sent them an email showing them where I get my passwords, but maybe it's for the best that I didn't. I just don't get why adults in a corporate environment are so coddled, and why mild and very temporary user discomfort is prioritized over everything. And that it feels like I get more pushback with the more thought and effort I put into things.
I consider those weak and simple... but are they too complex? Am I overthinking it? Does anyone even care about basic computer security habits anymore?
https://redd.it/1kio8s4
@r_systemadmin
So Sick of Off Shore
Me: can you show me what you’re doing for SQL monitoring?
Off shore deputy of monitoring: here are backup failure dashboards we can do.
Me: what about sessions, memory, LR queries?
Off shore deputy of monitoring: give me code for anything you want.
Me: so you have no templates?
Off shore deputy of monitoring: no, we use a garbage product, and I have no idea what you’re asking me to do.
Me: can we get a TCP port check monitor?
Off shore deputy of monitoring: I’ve never done that.
Me: what about AD monitoring? Replication issues? Services? Do you have a simple AD template?
Off shore deputy of monitoring: no idea what you’re talking about.
May I leave for dinner?
End of meeting.
https://redd.it/1kiho9b
@r_systemadmin
37signals just completed a full migration off AWS S3 — saving over $10 million
After more than 10 years relying on AWS, 37signals (creators of Basecamp and HEY) has fully moved 18PB of storage out of S3 and into its own data centers powered by Pure Storage and Dell Servers. Annual storage costs dropped from \~$1.5M to under $200K. AWS even comped the $250K egress fee, per its EU Data Act commitments.
They’re calling this "cloud repatriation" — and for them, it seems to be paying off.
Their CTO DHH says:
>
More details and a deep dive here: https://systemadministration.net/37signals-says-goodbye-to-aws-full-s3-migration-and-10m-in-projected-savings/
Would you consider moving off cloud infra if savings and control made sense?
https://redd.it/1kiizbh
@r_systemadmin
Hack into a server we own... Lost connection to domain and LAPS wont take
Hi guys, anyone here that knows any backdoor into windows except sethc.exe hack? This wont work cause of defender.
Or are we screwed and need to reinstall the server?
Its a Hyper-v vm btw
https://redd.it/1kiealu
@r_systemadmin
Weekly 'I made a useful thing' Thread - May 09, 2025
There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.
We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!
In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.
https://redd.it/1kies1l
@r_systemadmin
Finally... Update Sharing Permissions Without Creating a New Link in SharePoint Online
Microsoft 365 is rolling out “Hero Link” later this year (ETA: late 2025).
The idea is simple: one link per file. Always the same link, no matter how you share it (email, Copy Link, direct from browser). No more generating a new link every time you change permissions.
# TL;DR – Here’s what you get:
Change permissions on an existing shared link – no need to resend
One smart link per file, shared across all channels
"Access Denied" errors drop dramatically
Bulk update access for files/folders
When Hero Link goes live, existing links won’t break. They’ll show up under a new “Other Links” section for cleanup/visibility.
Anyone else excited to stop explaining to users why “the link worked for them but not for me”?
https://techcommunity.microsoft.com/blog/OneDriveBlog/simple-smart-and-secure-the-next-step-in-sharing-files-in-microsoft-365/4411655
https://redd.it/1kibyce
@r_systemadmin
Complaining about performative sales, apropos of very little
I've been looking at both iXSystems NAS units and 45Drives units. And I am SO annoyed that they don't have online building tools with prices. Every build I throw together, except for the TrueNAS Mini, ends with a "Submit for a quote" or some sort of "Contact us for help."
I don't want help. I don't want input. I want to play with configurations, not talk to anybody, and buy shit. I literally sent an email to iX saying I don't want sales, I don't want somebody to walk me through solutions, I just want to buy, and I'm ready to throw money at them. They said they appreciate my directness and they were eager to help. I said, great, thanks for accommodating me. Now they won't write me back.
I once tried to get a price on 8U in a data center. The one company said, "We won't talk prices until you've taken a tour of our facility." I said, "Listen, let me help you. I'll spend my money here if the price is right. I just don't need you to wow me." They insisted I meet them.
Their loss.
Anyhow... should I be looking at other companies that have nice, one-stop units like those that will also spare me the process? The company I'm contracting with won't want to pay me to build the thing. And I stopped using OWC units more than a decade ago. TrueNAS Core for the OS.
Back to my rant: Why? Why do they do this to us?
https://redd.it/1ki6x33
@r_systemadmin
PSA: error CAA2000B when signing into Outlook
We've seen a bunch of M365 tenants this morning with application ID 40775b29-2688-46b6-a3b5-b256bd04df9f (“Microsoft Information Protection API”) getting turned off in Entra (under Enterprise Applications). This is causing a ton of users across multiple tenants to be unable to sign in to Outlook. Re-enabling this application ID fixes the issue. Hopefully this helps somebody out.
https://redd.it/1khw88o
@r_systemadmin
Archived MSDN and TechNet Blogs
Sometimes when searching for info you find a reference to old MSDN and TechNet Blogs, which don't exist at their original URLs anymore.
You might be able to find what you want here: https://learn.microsoft.com/en-gb/archive/blogs/
(Credit: Raymond Chen: https://devblogs.microsoft.com/oldnewthing/20241231-01/?p=110698)
https://redd.it/1khq9i4
@r_systemadmin
Ubiquiti Patches Critical UniFi Camera Remote Code Execution Flaw
Ubiquiti has released urgent security updates for its UniFi Protect camera firmware and application after disclosing two vulnerabilities, one of which received a critical CVSS score of 10.0 due to its remote code execution (RCE) potential.
Both flaws could allow attackers to gain unauthorized access to video streams or execute code remotely, posing serious risks to network and physical security.
https://cyberinsider.com/ubiquiti-patches-critical-unifi-camera-remote-code-execution-flaw/
https://redd.it/1khpwgk
@r_systemadmin
Sysadmin aura
I took a much needed vacation a few weeks ago. While waiting to board my flight I got an emergency message from work saying barcode printers at the manufacturing site didn’t work. It was Saturday so I told them to use different printers and wait for Monday to let IT look at it.
When the plane landed I had messages waiting saying the other printers also didn’t work. I called my tech to tell him to look at the printers on Monday.
On Monday my tech told me he figured out that ALL the barcode printers at the manufacturing site would randomly stop working at the exact same time. The workaround was to turn them all off and on again. They would work until the same thing happened again. The printers are network printers so he had set up a computer to ping them and he sent me screenshots on how they all stopped responding at the same time.
I came back to work after two weeks. Users were sick and tired of turning the printers off and on again because there are so many of them and they begged me to fix things ASAP. So I ran Wireshark then we sat in front of the big monitor with the pings, and… so far it’s been a whole week without issues.
TL;DR: printers stopped working on the day I left for vacation and started working on the day I came back. Did not do anything.
https://redd.it/1kj9sjm
@r_systemadmin
Jacks of all trades - future options?
Hi all!
I'll try not to overwhelm you with wall of text...
So, 17 YOE, first 8 years on-prem systems engineer (networks, ms enterprise products like sql, exchange, vmware, storage ...) at MSP, left to a product company with similar stack and similar job but with more complex hardware. Then company split and I was transferred to a new company as single IT person managing everything, network, os, product deployment, security, compliance, ci/cd in general, static code analysis, practically everything except end user machines. Unfortunately, I am there 8 years now and everything that I setup didn't change and I lost access to hardware layer as the previous company hosts everything for us, just have access to OS level. Since I had a lot of spare time, I started with side work with cloud mostly (AWS/Azure) and managed to get 2nd full time job initially as a part of internal IT of big company (AWS based) where things were interesting (mostly dealing with IAM at identity life cycle) and then that team was killed and new team was created dealing only with IAM of the platform for their SAAS product (not really interesting work and can't say I can use that knowledge in the future). So last 4 years there, company fired a lot of people along with myself and for last 4 months I can't find anything full remote, full time.
I have applied to over 100 jobs across EU, I am very capable and I can get the work done, just tell me what you need. Anyway, I had few interviews for devops roles and the problem is usually related to infra design questions as I wasn't doing much of those, so off the top of my head I wouldn't provide satisfying answers but then again, I would always research the topic for the work that awaits me so my work was sound in the end. Since I don't have k8s production experience (but I know the basics and did some work with it), my plan is to get myself certified with CKA and CKSS (as security is hard and I am sure is ignored in most k8s deployments), AWS SA. On on-prem stuff I think my train departed, haven't touched vmware since version 6.7, probably a lot of stuff changed and one interview I've been to related to on-prem it was clear how outdated I am and for them it didn't make sense to hire me.
So how are you rest jacks dealing with current job market? To me it seems that employers are not allowing possibility for candidates to learn something new at their work place, instead they want 100% match in skills. Like wtf is wrong with you?!
https://redd.it/1kj6259
@r_systemadmin
Microsoft now recommends disabling STS
> We recommend that you consider disabling the STS feature in all Windows Server 2016 and later Windows Server machines hosting generic/non-time-sensitive workloads to avoid unforeseen timekeeping-related incompatibility issues arising from STS.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/sts-recommendations-for-windows-server
https://redd.it/1kip2xg
@r_systemadmin
Project engineers were hired and took away 75% of my work. How do I ensure that I stay useful?
Been with my current company for about 8 years, and the entire time up until 6 months ago it was just me and my manager. I was balls to the wall busy from the minute I sat down until the minute I left, completely overwhelmed. Projects, tickets, deployments, maintenance. I did it all. A year ago my manager brought in somebody only did tickets which was amazing. Then about 6 months ago out of nowhere my manager told me that he was hiring a small Army of specialists and project engineers to come in and help. Since then, my workload has gone from a full 8 hours a day and I was lucky if I ended the day accomplishing more tasks than had built up throughout the course of the day to having maybe 3 hours worth of work to do a day on a busy day.
I've already done all the usual stuff. Update documentation, helped out with tickets, did inventory. I understand that I can study for certifications and what not and I have have, what I'm talking about how can I ensure that I remain immediately useful in a tangible way where the vast majority of my work was taken away by a different team.
https://redd.it/1kithim
@r_systemadmin
Is your org still doing annual password resets in 2025?
Hey fellow sysadmins,
I’m at a company that recently recovered from a ransomware attack, and we reset everyone’s passwords as part of the cleanup. Now, my boss wants to enforce mandatory annual password resets for all users — possibly even including cloud-only accounts. I’m skeptical and looking for insights before I propose an alternative.
**Why I’m hesitant:**
* NIST and other modern security frameworks say periodic password resets are outdated unless there’s evidence of compromise
* We’re a hybrid Entra ID environment, with Windows Hello for Business already deployed for most users
* Privileged admin passwords are reset every 6 months, which feels more justified than enforcing resets for standard users
* I tested the password reset process for remote users and... it’s a nightmare:
* Windows Hello errors after reboot
* Must switch to password, reconnect VPN, lock session, and re-enter PIN
* Office apps, Edge, and OneDrive all require re-authentication
* Significant **user frustration** and likely a spike in support tickets
Password age data shows many users would be hit immediately. With our hybrid workforce, I’m concerned about productivity and the support burden.
**My plan:**
I want to propose a shift to **passwordless authentication** — using FIDO2 security keys or expanding our existing Windows Hello for Business deployment to eliminate passwords as much as possible.
**Questions for you:**
* Does your org (especially those still using Active Directory) enforce annual password resets in 2025? If not, how did you convince leadership?
* Anyone running passwordless in a hybrid environment? What solutions worked well?
* Any killer metrics, user feedback, or resources that helped you sell modern password policies to leadership?
Hit me with your real-world experiences and advice — thanks in advance!
https://redd.it/1kipe8h
@r_systemadmin
When IT Has to Bear the Burden of a Bad Vendor
How often do you deal with situations where IT has a minor role or no role in the vendor selection, but has to bear the brunt of the responsibility when the vendor falls short?
This past year, in lieu of building our an internal team to support a key piece of software that was feature-rich, one of our departments decided they wanted something that "just worked". This is a company thats transitioning from an owner-led business to a more corporate structure so there's weird political dynamics where a few long-timers have more influence and the org chart is messy near the top. So of course, just a couple of influential people made the decision to switch to an OTS product that wasn't as feature-packed as our current platform. They were sweet talked by the vendor and made the key mistake of believing "I can change her" or that the vendor would bend to their will and include functionality that the system currently lacked, but that we really need.
I really love my IT management, but the one thing I can't stand is our "Yes, men" mentality. Now, don't get me wrong. I'm a firm believer that IT should be driven by business needs but IT Leadership needs to be straight shooters. Someone should have known that when you sign on the dotted line, you're choosing the product for what it is, not what it could be. You absolutely should not greenlight a product because of vendor promises when it lacks critical functionality. But they did and now IT, my team, is tasked with building out the missing functionality and training the department on how to use it. But remember, the reason we're here is because the business didn't want to build the team to support the previous platform which was feature-packed but need to be built out (think SAP). Now we're back at square one which means I have to drop what I'm doing to learn something new and train others on it---and they need it yesterday.
I feel like I'm being set up to fail. I feel like IT is setting itself up to be the fall guy for a bad vendor decision. How would you handle this situation? I plan on stopping my current project to focus on skilling up. But I'm not working extra hours.
https://redd.it/1kig0fp
@r_systemadmin
Finding helpdesk people who clears "must change password at next logon" flag
We had some people who had a simple password, who has had it assigned by our helpdesk, where the operator cleared the "Must change password at next logon".
I set out to find out who was doing that, and I found 2 unrelated events can tell me if they did or not.
We have all DC events in Log Analytics.
Basically, we do get eventID 4724 when helpdesk userH changes userA password.
Shortly after, we get one or more 4738 (User account changed), and PasswordLastSet contains a timestamp or %%1794 - Often we get both, a timestamp for the password change, and then shortly after the %%1794 saying password expired. Sometimes only the %%1794 event (Change at next logon).
In best Microsoft style, all these are independent events. So if you get a 4724, you have to look for 4738 evens shortly after with account=userH and TargetAccount=userA
So if we get 4724, we need to see if we have any 4738 events within the next 5 seconds, with same Account and TargetAccount - And see if the latest of these are the %%1794.
Apart from running powershell, and trying to track everything locally, can somebody come up with a KQL query that can help here ? We have 5k+ password reset per month - And when Helpdesk gives people an easy password, they will not use self-service
https://redd.it/1kifk09
@r_systemadmin
End user from hell
I work for an MSP, and one of the businesses we support hired a new person. By new, I mean this person was born yesterday. I've seen roadkill with more brain cells than them.
They have already put in 20 tickets of the most mind-numbing BS you could think of. This is a list of some of my favs. Best at the end.
* "Headset not working" = USB wasn't plugged in.
* "Headset not ringing" = Windows was muted.
* "Outlook New is crap and it's all your fault!!!!" = Toggle back to classic in the top right.
* "SharePoint files aren't syncs this system is crap!!" = OneDrive needed the new password.
* "My laptop isn't working!?!?" = They were saving every email as a .eml file in their document library, filling up the C drive.
* "I can't print" = User was not inputting their department code when it was asking for it.
* "My camera isn't working???" = The privacy slider was covering the camera. The user then followed up with "Does the camera need to be facing me to see me?"
This person is my 13th reason...
https://redd.it/1kihhmx
@r_systemadmin
This was one of the Stupidest thing that someone ask/told me (IT Support)
I received a phone call from one of our managers who was in a meeting with a client. They couldn't get the client's laptop connected to our Wi-Fi, and they needed to display important information on the boardroom PC.
# Background Information: We use a guest Wi-Fi voucher system that provides clients with temporary connections for a specified time. Additionally, we have a spam filter in place.
When I arrived at the boardroom to assist, I began setting up the client's laptop with the guest Wi-Fi. Meanwhile, the manager started venting about how it always seems to be a struggle to get things working in front of clients. He went on about constant IT problems and questioned why things never work correctly, especially when he wants to use the boardroom for meetings. I stayed quiet, letting him vent while I focused on the setup.
After I finished connecting the client to the guest Wi-Fi, the client asked me to check if the email they had tried to send to the boardroom PC had gone through. I logged into the boardroom PC and confirmed that the email wasn't delivered. The manager asked why it wouldn't have been delivered. I explained that if the email wasn't received, it was either not sent from the client’s side, still buffering, or potentially blocked by our firewall or spam filters.
While explaining this, I called one of my colleagues to check if the email had been flagged by the spam filter, and I also asked the client to try resending it.
In the midst of this, the manager, with full confidence, asked me, "I thought you guys removed the firewall?"
I paused for a moment, stunned, and replied, "No, we definitely can't do that."
The manager responded with an Oh, paired with a look that somehow implied I was responsible for all the issues from the very beginning.
Just as I finished that explanation, the new email came through. I completed the final setup, made sure everything was running smoothly, and left.
I’m still laughing as I type this because I can’t get over that manager’s statement.
https://redd.it/1kievni
@r_systemadmin
Who could have predicted this?!
3-4 Months Ago....
Me: Hey I know we are planning on switching from x to y when our contract with x expires later this year. As you are aware x is critical part of our infrastructure and we really want to test this transition and do it gradually and give notice well in advance because it will be disruptive to BAU for the sites where we need to make the switch. We need to make a plan. If you approve I can get started now and we can be ready before the contract expi-
Company: ....Test cost money?
Me: Well yes we would need to purchase licenses in advance for y so that I can test and start the-
Company: WE NO SPEND MONEY.
Me: Are you sure we should really-
Company: SPEND MONEY BAD DO YOU NOT KNOW?!
Me: Alright... (thankful I have this in writing...)
Now
Company: Where did we come with the transition from x to y?!
Me: We haven't started yet since you said....3-4 months ago that-
Company: BUT YOU QUIT IN TWO WEEKS and ARE ONLY ONE ON SITE TO MAKE CHANGE FROM X to Y AND WE HIRING OFFSHORE!
Me: Wow that is crazy huh (pulls up email from 3-4 months ago). Well if I start now and drop all my other handover tasks I can probably get a bit of x to y done but remember its going to be very disruptive to BAU tasks.
Company: THIS NOT GOOD
Me: Damn that's crazy (lol, lmao even).
https://redd.it/1kid805
@r_systemadmin
Changing Passwords
For those who work with other sys admins. When a sysadmin leaves do you change all your passwords. Servers, wireless controllers, Switches etc?
https://redd.it/1ki2src
@r_systemadmin
Gonna be that kinda day, huh?
It's actually that kinda week. Anyway, had a defective audio intercom device that wasn't announcing zone-based doorbell alerts properly. Try and log in and it takes my creds but loads a blank white page. Memory leak or something, whatever. Look it up and pull it on the switch. Plug the cable back in and that exact millisecond that it touches the switch, we lose power on all lighting circuits.
I thought "oh, grounding issue or overdraw...but why is the switch still on? This is PoE. OMG a live wire is touching the controller or something."
Nope.
Coincidence. Maintenance working on a dimmer switch (live!) shorted it. FML. Anyway, doorbells work now. Also light just came back on, yay.
Corporate HQ now on my ass about POWER OUTAGE WWWWHAAAAT cause I had to report it immediately.
So the moral of the story is, coincidences happen but more importantly, we can rewire half the building in less time than it takes Microsoft to create an EMPTY FUCKING MAILBOX FOR A NEW HIRE! IT'S EMPTY. HOW MUCH CPU TIME CAN IT POSSIBLY TAKE TO CREATE AN EMPTY MAILBOX!?!?!?! It's BEEN 45 MINUTES YOU ASSHOLES!
https://redd.it/1khyvt7
@r_systemadmin
Counteroffer for New Job
I’ve been the IT guy for a sales and service small business company for about 8 years. I do computer, phone, tablet, VoIP, MDM, printer, NetSuite Admin, etc. and get paid around 79K per year in the SF Bay Area. I’ve had my ups and downs with my boss with his style of management. He micromanages and gets involved in a lot of things. Other employees are feeling it too. I currently drive to work and it takes me about 30 minutes each way.
I started looking for a job and found one as a field tech in the city. The job is similar but with less responsibilities but require travel to different sites with a personal vehicle - mileage reibursement will be provided. No NetSuite, VoIP, just support and setup. BART time is about 50 minutes each way, plus time to park and wait for the train; maybe an hour each way.
I got offered 90k for base. On their posting 80k was the low and 100k was the high. I am thinking of asking for 110k due to the travel cost and personal vehicle requirement. Thoughts? Too much? Too little? Just right? TIA
https://redd.it/1khx70d
@r_systemadmin
Windows 11 offline servicing apparently not a thing anymore...what to do?
We are trying to wrap our Windows 11 image into our servicing process so that we can prepare to deploy it. At first, we tried the built-in servicing in Configuration Manager, but it was giving the error "Failed to apply one or more updates". Then we tried manually mounting the .wim and using dism, but that's giving us "An error occurred applying the Unattend.xml file from the .msu package. Error: 0x800f0838".
Came across this and welp...ok, uh, what's the alternative?
What is everybody else doing for Windows 11 image servicing for on-prem deployments?
https://redd.it/1khpg7c
@r_systemadmin
email appears to be from themself but originated from remote sending IP.
Hi all
We have a situation where a user received an email that appears to be from themself, but they didn't send the email. The originating IP is from the other side of the world. We use M365 business premium with MFA setup and we have a location-based CA policy that would block a user from signing in from that location. The user sign in logs show no sign in activity from that location. I'm stumped on how the email was accepted and made it to their inbox.
The email contained a svg attachment, but the user didn't click on it.
For now I've created a rule to block emails from that IP range but my thinking is whoever did this could just switch the sending IP and send more.
Any thoughts on how this could happen or any tips on what I can do to prevent this from happening going forward?
Thanks in advance.
https://redd.it/1khp09r
@r_systemadmin