[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Asrg] What this?
On Thu, Apr 24, 2003 at 10:56:05AM +0200, Reinhold Jordan wrote
> Hi all,
>
> can anybody tell me, why spammers try to send a mail with a lot
> of wrong IPs? I found this in my logfile (receiver-address changed):
>
> reject by critical domain from Anna_xxl589746@web.de at [various IP addresses] to user@domain.de
You're not the only one. Here's a series of attempts from all over
the place...
Mar 30 00:34:27 manson filt-smtpd[31485]: DENYMAIL: (qtWhatUgger1@hotmail.com) -> (waltdnes@waltdnes.org) [80.181.194.122]: 550 BLOCKED: See http://www.monkeys.com/upl/listed-ip-0.cgi?ip=80.181.194.122
Mar 31 00:39:49 manson filt-smtpd[15822]: DENYMAIL: (uhkWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical location
Mar 31 02:36:05 manson filt-smtpd[21611]: DENYMAIL: (ifWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [203.191.33.32]: 550 BLOCKED: See http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:36:05 manson filt-smtpd[21610]: DENYMAIL: (mdWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [203.191.33.32]: 550 BLOCKED: See http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:57:06 manson filt-smtpd[22646]: DENYMAIL: (ffWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [218.98.164.36]: 550 218.98/16 is in cn, rejected based on geographical location
Mar 31 02:57:12 manson filt-smtpd[22678]: DENYMAIL: (mnccWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [203.191.33.32]: 550 BLOCKED: See http://www.monkeys.com/upl/listed-ip-0.cgi?ip=203.191.33.32
Mar 31 02:57:12 manson filt-smtpd[22671]: DENYMAIL: (niWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [213.107.96.117]: 550 BLOCKED: See http://www.monkeys.com/upl/listed-ip-0.cgi?ip=213.107.96.117
Mar 31 02:58:15 manson filt-smtpd[22704]: DENYMAIL: (kyWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical location
Mar 31 02:58:15 manson filt-smtpd[22705]: DENYMAIL: (psWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical location
Mar 31 03:17:07 manson filt-smtpd[23686]: DENYMAIL: (wkscWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [218.184.98.210]: 550 218.184/16 is in tw, rejected based on geographical location
Mar 31 03:36:11 manson filt-smtpd[24702]: DENYMAIL: (lqWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical location
Mar 31 03:36:44 manson filt-smtpd[24713]: DENYMAIL: (jposWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [202.155.16.242]: 550 202.155.16/24 is in id, rejected based on geographical location
Mar 31 03:36:49 manson filt-smtpd[24701]: DENYMAIL: (imuiWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical location
Mar 31 03:36:58 manson filt-smtpd[24706]: DENYMAIL: (jjWhatUger1@hotmail.com) -> (waltdnes@waltdnes.org) [193.251.188.17]: 550 193.251/16 is in fr, rejected based on geographical location
Here's my theory. Well-organized spam-gangs have compromised many
thousands of personal computers all over the world. They run a central
system somewhere that attempts to spam from one compromised machine, and
if one transmission attempt fails, they try from the next compromised
machine, etc, until they manage to deliver (or run out of compromised
machines). It's a testament to the effectiveness of various DNSbls that
things have gotten to the point where spammers need to put forth this
much effort to get past some people's filters.
--
Walter Dnes <waltdnes@waltdnes.org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg