On Mar 29, 6:56pm, Pat Moffitt wrote:
> I have been seeing a few of these and find them, well, interesting.
>
> 2002-03-29 00:14:18 refused relay (host) to <mattkellat_private> from
> <mattkelat_private> H=(12.144.138.34) [12.254.177.131]
>
> If you check you will find that 002645587623.com does exist. They are
> sending out email trying to relay through other servers and the hello has
> the server's address in it. So all they have to do is log all the
> H=(xx.xx.xx.xx)'s and they have a list of open mail relay servers.

Well, the first thing to do is to check whether this might be a legitimate relay-testing service (e.g., something like http://www.ordb.org, with the motivation being enabling people to block email from open relays); I doubt it, since I've certainly never heard of them. A whois check (see http://www.samspade.org for one convenient means of doing this) reveals that the registrant is "Matt Kelly", and a search for this name in news.admin.net-abuse.* reveals
http://groups.google.com/groups?q=Matt+Kelly+group:news.admin.net-abuse.*&hl=en&scoring=r&selm=3C9FE994.B830F441%40ids.net&rnum=4
and the info that, no, this isn't legitimate, it appears to be a spammer.

> Anything we can do about these?

Well, since this is going through AT&T, according to the IP address (translates to 12-254-177-131.client.attbi.com), complaining to them (abuseat_private) would be a start. Complaining to venturesonline.com (who hosts 00264587623.com) might also help, except that from the evidence locatable via news.admin.net-abuse.*, they appear not to care about spamming et al (I might mention that venturesonline.com blocks are listed on multiple blacklists, including SPEWS (see http://www.spews.org)), so going to their upstream, bbnplanet.net, might help - abuseat_private

-Allen

--
Allen Smith http://cesario.rutgers.edu/easmith/
September 11, 2001 A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
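An added example, not part of the original messages: a Python check that picks out the probe pattern described in the quoted message, where a refused relay attempt carries one of your own server addresses as its HELO argument. It assumes the log line format quoted above and treats 12.144.138.34 as the receiving server's address, as the quoted description implies; all sample lines after the first are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Line format taken from the log entry quoted in the message; the optional
# verified host name before the HELO argument is an assumption.
RELAY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) refused relay \([^)]*\) "
    r"to <[^>]*> from <[^>]*> "
    r"H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<peer>[^\]]+)\]"
)

def helo_as_ip(helo):
    """Return the HELO argument as an IP address, or None if it is a name."""
    try:
        return ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        return None

def find_relay_probes(lines, own_addresses):
    """Map each connecting IP to the refused relay attempts whose HELO
    argument was one of our own addresses rather than the sender's."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    probes = defaultdict(list)
    for line in lines:
        m = RELAY_RE.match(line)
        if not m:
            continue  # not a refused-relay entry
        helo_ip = helo_as_ip(m.group("helo"))
        peer = ipaddress.ip_address(m.group("peer"))
        if helo_ip is not None and helo_ip in own and helo_ip != peer:
            probes[str(peer)].append((m.group("ts"), str(helo_ip)))
    return dict(probes)

# First line is the entry from the message; the rest are constructed samples.
SAMPLE_LOG = [
    "2002-03-29 00:14:18 refused relay (host) to <mattkellat_private> from "
    "<mattkelat_private> H=(12.144.138.34) [12.254.177.131]",
    "2002-03-29 00:20:02 refused relay (host) to <a@example.org> from "
    "<b@example.net> H=(mail.example.net) [198.51.100.7]",
    "2002-03-29 00:31:45 refused relay (host) to <c@example.org> from "
    "<d@example.net> H=([12.144.138.34]) [12.254.177.131]",
    "2002-03-29 00:40:00 some unrelated log line",
]

if __name__ == "__main__":
    for peer, hits in find_relay_probes(SAMPLE_LOG, ["12.144.138.34"]).items():
        print(peer, len(hits), "probe(s):", hits)
```

Grouping by connecting address gives the per-source evidence (timestamps and the HELO value seen) to attach to an abuse report.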
This archive was generated by hypermail 2b30 : Sun Mar 31 2002 - 21:52:07 PST