&;$/&$)&/$)&$? Spammers

Ok guys

Said spammer did indeed send out copious amounts of spam. His IP is 74.238.194.123

How do I report this so that it can be blacklisted? I can forward log files proving that he loaded the server with spam.

In the meantime I have added a blacklist entry for his IP so he can do diddly-squat.
 
These (use all of them):

www.spamhaus.org
www.spamcop.net
www.dnsbl.info

Those above are aimed at punishing the ISP for allowing its network to be used by spammers and force the ISP to suspend the spammer's broadband account.

And then do this one as well for good measure:

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.238.194.123?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 74.224.0.0 - 74.255.255.255
CIDR: 74.224.0.0/11
OriginAS: AS6389
NetName: BELLSNET-BLK18
NetHandle: NET-74-224-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
Comment: For Abuse Issues, email [email protected]. NO ATTACHMENTS. Include IP address, time/date, message header, and attack logs.
Comment: For Subpoena Request, email [email protected] with "SUBPOENA" in
Comment: the subject line. Law Enforcement Agencies ONLY, please.
RegDate: 2006-01-17
Updated: 2012-04-16
Ref: http://whois.arin.net/rest/net/NET-74-224-0-0-1

OrgName: BellSouth.net Inc.
OrgId: BELL
Address: 575 Morosgo Drive
City: Atlanta
StateProv: GA
PostalCode: 30324
Country: US
RegDate: 1995-03-02
Updated: 2010-09-20
Comment: For Abuse Issues, email [email protected].
Comment: For Subpoena Issues, please email [email protected] with "SUBPOENA" in the subject line.
Comment:
Comment: Rwhois rwhois.eng.bellsouth.net 4321
Ref: http://whois.arin.net/rest/org/BELL

ReferralServer: rwhois://rwhois.eng.bellsouth.net:4321

OrgAbuseHandle: ABUSE81-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-919-319-8265
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE81-ARIN

OrgTechHandle: IPOPE3-ARIN
OrgTechName: IP Operations
OrgTechPhone: +1-888-510-5545
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/IPOPE3-ARIN

RAbuseHandle: ABUSE81-ARIN
RAbuseName: Abuse Group
RAbusePhone: +1-919-319-8265
RAbuseEmail: [email protected]
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE81-ARIN

RTechHandle: IPOPE3-ARIN
RTechName: IP Operations
RTechPhone: +1-888-510-5545
RTechEmail: [email protected]
RTechRef: http://whois.arin.net/rest/poc/IPOPE3-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
 
A snippet from my log :

Code:
2012-4-21            23:57:23 GMT     74.238.194.123  User       mx.google.com                MYSERVER            192.168.50.1                [email protected]        1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

2012-4-21            23:57:23 GMT     74.238.194.123  User       mx.google.com                MYSERVER            192.168.50.1                [email protected]   1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

2012-4-21            23:57:23 GMT     74.238.194.123  User       mx.google.com                MYSERVER            192.168.50.1                [email protected]    1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

>snip<

2012-4-21            23:57:24 GMT     74.238.194.123  User       mx.b.hostedemail.com                MYSERVER            192.168.50.1                [email protected]               1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

2012-4-21            23:57:24 GMT     74.238.194.123  User       mx.b.hostedemail.com                MYSERVER            192.168.50.1                [email protected]  1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

>some more snipping<
 

2012-4-21            23:57:24 GMT     74.238.194.123  User       COL0-MC1-F47.Col0.hotmail.com             MYSERVER            192.168.50.1                [email protected]               1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

2012-4-21            23:57:24 GMT     74.238.194.123  User       COL0-MC1-F47.Col0.hotmail.com             MYSERVER            192.168.50.1                [email protected]  1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -
>aaaaaaaand some more snipperings<

2012-4-21            23:57:24 GMT     74.238.194.123  User       BAY0-MC4-F34.Bay0.hotmail.com            MYSERVER            192.168.50.1                [email protected]               1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

2012-4-21            23:57:24 GMT     74.238.194.123  User       BAY0-MC4-F34.Bay0.hotmail.com            MYSERVER            192.168.50.1                [email protected]  1031       [email protected]              3              0              1488                50           2012-4-21 23:57:3 GMT   0              Version: 6.0.3790.3959  -              Mystery Shopper/Customer Service Evaluator             [email protected]      -

Over and over and over again... 900+ of this kuk... The only thing that is static is the IP the spammer uses, so I assume he/she managed to compromise a server somewhere.

:mad:

It is permanent on a blacklist now. Not going to remove it anymore. (both firewall and email server)
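The pattern in the log above (one static client IP, a burst of near-identical messages fanned out to many destination MXs) can be picked out automatically. The following is an added Python example, not code from this thread or from any of the products named in it: it parses the leading whitespace-separated columns of that log format and flags any client IP that exceeds a per-window message count. The sample lines are constructed in the same column order as the posted log, with placeholder addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the column order of the log posted above (date, time,
# tz, client IP, "User", remote MX, server, server IP, sender, port, recipient);
# trailing columns are dropped and addresses are placeholders, not real ones.
SAMPLE_LOG = """\
2012-4-21 23:57:23 GMT 74.238.194.123 User mx.google.com MYSERVER 192.168.50.1 ms@sender.invalid 1031 a@gmail.invalid
2012-4-21 23:57:23 GMT 74.238.194.123 User mx.google.com MYSERVER 192.168.50.1 ms@sender.invalid 1031 b@gmail.invalid
2012-4-21 23:57:24 GMT 74.238.194.123 User mx.b.hostedemail.com MYSERVER 192.168.50.1 ms@sender.invalid 1031 c@hosted.invalid
2012-4-21 23:57:24 GMT 74.238.194.123 User BAY0-MC4-F34.Bay0.hotmail.com MYSERVER 192.168.50.1 ms@sender.invalid 1031 d@hotmail.invalid
2012-4-21 23:58:40 GMT 192.168.50.77 User mx.partner.invalid MYSERVER 192.168.50.1 alice@corp.invalid 1032 bob@partner.invalid
"""

def parse_line(line):
    """Return (timestamp, client_ip, remote_mx, sender, recipient), or None
    for lines that do not fit the format (snip markers, blank lines)."""
    f = line.split()
    if len(f) < 11 or f[2] != "GMT":
        return None
    try:
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, f[3], f[5], f[8], f[10]

def find_bursts(log_text, window=timedelta(seconds=60), threshold=3):
    """Flag every client IP that relayed more than `threshold` messages inside
    any sliding `window`, with the distinct senders and MX hosts it used."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec[1]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        times = sorted(r[0] for r in recs)
        peak = start = 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = {"peak": peak, "total": len(recs),
                           "senders": sorted({r[3] for r in recs}),
                           "mx_hosts": sorted({r[2] for r in recs})}
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))   # only 74.238.194.123 is flagged
```

The threshold of three messages per minute is deliberately low for the five-line sample; on a real relay it should be set from the site's normal outbound volume.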
 
Added this :

Code:
# Postfix main.cf: continuation lines must start with whitespace and the list
# must not be broken by a blank line; the RBL lookups sit after the
# relay-control checks so they are only consulted for mail we would accept.
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    permit

Hope it does the trick... I'm getting gatvol.

SORBS will delist today at 23:00 GMT. :rolleyes:
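To show what the two reject_rbl_client lines in that config actually do, here is an added Python example, not code from the thread or from Postfix: it builds the reversed-octet query name for a DNSBL zone and treats any answer in 127.0.0.0/8 as a listing, which is Postfix's default behaviour when no result filter is given. The resolver is injectable; the stub uses the RFC 5782 test entry 127.0.0.2 and is constructed data, so nothing is looked up on the network.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """74.238.194.123 + zen.spamhaus.org -> 123.194.238.74.zen.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)        # raises ValueError on non-IPv4 input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dnsbl_listed(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: answer} for every zone that lists `ip`. NXDOMAIN
    (socket.gaierror) means not listed; answers outside 127.0.0.0/8 are
    ignored because they usually signal a zone problem or a blocked resolver,
    not a real listing."""
    hits = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            continue
        if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            hits[zone] = answer
    return hits

# Constructed stub standing in for DNS: only the RFC 5782 test address
# 127.0.0.2 is "listed", in both zones named in the config above.
_FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",
    "2.0.0.127.bl.spamcop.net": "127.0.0.2",
}

def fake_resolve(name):
    if name not in _FAKE_DNS:
        raise socket.gaierror("NXDOMAIN")
    return _FAKE_DNS[name]

if __name__ == "__main__":
    ZONES = ["bl.spamcop.net", "zen.spamhaus.org"]
    print(dnsbl_listed("127.0.0.2", ZONES, fake_resolve))     # both zones hit
    print(dnsbl_listed("192.168.50.1", ZONES, fake_resolve))  # {}
```

Run against the real resolver by dropping the third argument; note that public DNSBLs rate-limit or refuse queries arriving via large shared resolvers, which shows up as the "answer outside 127.0.0.0/8" case the code ignores.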
 
Delisted from all but one blacklist. :D

Quite..... an interesting experience, I must say. Learnt something new. Tightened up email practices etc.

Looking at ASSP for email filtering as the ClearOS filter doesn't work.
 
What is terrible is when one has been de-blacklisted and a week later one's machine starts sending out spam again.

Then it takes weeks to resolve and one has to beg them to delist one. Horrible experience. libs, does your Exchange server make use of a smart host or does it deliver mail using MX records?
 
What is terrible is when one has been de-blacklisted and a week later one's machine starts sending out spam again.

Then it takes weeks to resolve and one has to beg them to delist one. Horrible experience. libs, does your Exchange server make use of a smart host or does it deliver mail using MX records?

We don't make use of smart hosts. Deliver direct to the Internet. But I want to change that - get ASSP to filter both incoming and outgoing mail (if possible) to ensure that we don't pump out spam by accident.

And yes, it's a horrible experience.

The one ClearOS box I set up for a client does make use of smarthosts to deliver mail, but since that box runs fetchmail to retrieve their mails from their ISP, I don't need to worry about it sending out spam. Port 25 on that box is closed tho.
 
Two weeks later and no more spammings. Yay.

I rebuilt our main Smoothwall as its IP block feature wasn't working - probably the HDD on its way out as it was a three-year old install.

I did a little Google on that IP, and found this :

http://www.bizimbal.com/odb/details.html?id=1069700

Quite interesting little busybody... seems he does a little bit here - a little bit there to stay under the radar.

I wonder if other people (Linoman etc) have the same spammer/IP as visitor...
 
I rebuilt our main Smoothwall as its IP block feature wasn't working - probably the HDD on its way out as it was a three-year old install.

PATA/IDE HDD?

I've had quite a few HDDs die on me over the years in IPCop/SWEx boxes.

I suspect one might have better luck with an SSD HDD now that the prices are coming down.
 
PATA/IDE HDD?

I've had quite a few HDDs die on me over the years in IPCop/SWEx boxes.

I suspect one might have better luck with an SSD HDD now that the prices are coming down.

Yup, PATA

Been thinking to get one big box, RAID it, install proxmox with supported 4-port NIC and run smoothwall virtualized....

On the topic - been quiet on the spam-injecting front. Yay.
 
Just checked our IP via mxtoolbox.com

All is green, not one single blacklist.

Time for a celebration, methinks :D
 
I have reason to believe that this poxy spammer is now exploiting vulnerable PCs in order to "offload" his junk onto other servers.

Got a lovely lot of spam queues (18000+) this morning :rolleyes:

Blacklisted IP 65.97.167.206 on firewall level.

Bah. :mad:

High time to look at ASSP. All other things gonna be shelved until I have implemented it 100%.
 
ASSP installed and implemented. So glad. Spam is definitely down a bit. Greylisting works wonders :cool:

This might also be a recently-discovered vulnerability in Exchange 2003 itself...

Should be interesting to hear if other Exchange 2003 admins also got the same issue or not.
 
Nope, Mail Marshal and Postini are handling my pre-filtering ;)
 
:o

twas a compromised account

:o


A big boo-hiss for M$ programmers who don't include the IP address when you do SMTP logging :mad:

At least it's sorted out now.
 