RE: [cobalt-users] Nuonce Antispam feature
- Subject: RE: [cobalt-users] Nuonce Antispam feature
- From: "Dan Kriwitsky" <list3@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat Apr 17 09:04:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> On Behalf Of Crocket
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> On Behalf Of Dan Kriwitsky
>
> > 195.130.132.44 is the IP from which your email arrived at the list. It's
> > not blocked by Spamcop. My guess would be there are some open proxies
> > being used to spam through your ISP's SMTP. They need to take action to
> > remove those customers from the network. Also, if abuse@xxxxxxxxxxxxxx
> > does not function then many people may block them when the spam
> > complaints bounce.
>
> Here's an example of the maillog:
> Apr 16 06:34:42 cob6 sendmail[22950]: i3G4YgN22950: ruleset=check_relay, arg1=apate.telenet-ops.be, arg2=195.130.132.57, relay=apate.telenet-ops.be [195.130.132.57], reject=553 5.3.0 Rejected Mail from 195.130.132.57 Email blocked using http://spamcop.net/
>
> Telenet is the ISP, the listed ip is one from one of their mailservers, but
> I see 100's of those in the logs, including other mailservers from them.
> The rejections started 2 days ago from any of the *.telenet-ops.be servers.
>
> But since I disabled the DNSBL, the spam count has at least tripled again.
> Would it be safe to OK the domain *.telenet-ops.be in the /etc/mail/access ?
Based on what I'm seeing in
http://groups.google.com/groups?hl=en&lr=&safe=off&group=news.admin.net-abuse.sightings
I don't think I would put that in my access file.
e.g.
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&safe=off&selm=nans20040414201322%245531%40news.killfile.org
There appears to be a lot of spam coming from there. It must be hitting
a lot of Spamcop spamtraps to end up blocked. Whether they have a lot of
infected users, or spammers on their network I can't say. But there has
been some spam coming from there and if they're not doing anything about
it they will end up widely blocked.
> That domain is only used by their company, their users all have pandora.be
> as the domain for their email addies.
I would find out what the actual SMTP output servers are and OK the full
rDNS in access and not allow individual users.
>
> I know about one policy that telenet customers can only send a mail to 300
> emails at a time.
Bursts of 300 at a time is great for spammers.
--
C2003 Dan Kriwitsky
Please reply to the list only. Off list replies are not read.
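
The advice above (OK the full rDNS names of the actual SMTP output servers rather than the whole domain) can be prepared from the maillog itself. The following is an added example, not part of the original message: it tallies `check_relay` rejections per relay hostname under a given domain and prints candidate full-hostname lines for `/etc/mail/access`. The function names, the untagged `host<TAB>OK` entry form, and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import Counter

# First line: the maillog entry quoted in the thread, unwrapped. The rest are
# constructed for illustration (hypothetical hosts, 192.0.2.0/24 documentation IPs).
SAMPLE_LOG = """\
Apr 16 06:34:42 cob6 sendmail[22950]: i3G4YgN22950: ruleset=check_relay, arg1=apate.telenet-ops.be, arg2=195.130.132.57, relay=apate.telenet-ops.be [195.130.132.57], reject=553 5.3.0 Rejected Mail from 195.130.132.57 Email blocked using http://spamcop.net/
Apr 16 06:35:10 cob6 sendmail[22961]: i3G4ZAN22961: ruleset=check_relay, arg1=apate.telenet-ops.be, arg2=195.130.132.57, relay=apate.telenet-ops.be [195.130.132.57], reject=553 5.3.0 Rejected Mail from 195.130.132.57 Email blocked using http://spamcop.net/
Apr 16 06:36:02 cob6 sendmail[22970]: i3G4a2N22970: ruleset=check_relay, arg1=out-example.telenet-ops.be, arg2=192.0.2.10, relay=out-example.telenet-ops.be [192.0.2.10], reject=553 5.3.0 Rejected Mail from 192.0.2.10 Email blocked using http://spamcop.net/
Apr 16 06:37:15 cob6 sendmail[22984]: i3G4bFN22984: ruleset=check_relay, arg1=telenet-ops.be.example.net, arg2=192.0.2.77, relay=telenet-ops.be.example.net [192.0.2.77], reject=553 5.3.0 Rejected Mail from 192.0.2.77 Email blocked using http://spamcop.net/
Apr 16 06:38:40 cob6 sendmail[22991]: i3G4ceN22991: ruleset=check_relay, arg1=fake.telenet-ops.be, arg2=192.0.2.99, relay=fake.telenet-ops.be [192.0.2.99] (may be forged), reject=553 5.3.0 Rejected Mail from 192.0.2.99 Email blocked using http://spamcop.net/
"""

# sendmail appends "(may be forged)" to the relay when forward and reverse DNS
# disagree; such a name is not trustworthy enough to whitelist by hostname.
REJECT = re.compile(
    r"ruleset=check_relay, arg1=(?P<name>\S+), arg2=(?P<ip>[\d.]+), "
    r"relay=(?P<relay>\S+) \[(?P=ip)\](?P<forged> \(may be forged\))?, reject=")

def rejected_relays(log, domain):
    """Count check_relay rejections per verified relay hostname under `domain`."""
    counts = Counter()
    suffix = "." + domain.lower()   # leading dot: only real subdomains match
    for line in log.splitlines():
        m = REJECT.search(line)
        if not m or m.group("forged"):
            continue
        host = m.group("relay").lower().rstrip(".")
        if host.endswith(suffix):
            counts[host] += 1
    return counts

def access_entries(counts):
    """One full-hostname OK line per relay, as candidate access-file entries."""
    return [f"{host}\tOK" for host in sorted(counts)]

if __name__ == "__main__":
    print("\n".join(access_entries(rejected_relays(SAMPLE_LOG, "telenet-ops.be"))))
```

The output is a candidate list only: each hostname should be confirmed as one of the ISP's outbound mail servers before it goes into the access file.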