|
Hey Andrew,
Are you sending your logs to a UNIX box, or running a
ported version
of grep/egrep for windows?
Mike From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, June 16, 2005 17:34 To: sniffer@SortMonster.com Subject: RE: [sniffer] Spam blocks loading me up with spam I
haven't noticed this spam leaking through, but at your prompting I did
a:
egrep
".+From: .+To: .+IP: 200\.49\." dec0616.log
and
saw about 46. A glance through these to:from:ip: lines definitely shows
messages that fit your description, along with messages that don't (I'm
deliberately looking at the 16 bit subnet) and I see messages today
from:
200.49.37.0/24
200.49.44.0/24
in addition to the blocks you listed, and a
spot check of two of them did not turn up any hits with sniffer.
Total volume was low, at less than 50 messages.
One other interesting comment that I can add
is that I'm seeing them use VERP like MAILFROM addresses, e.g.:
Of course, jsmith and example.com are not
the actual text, but the recipient at my domain.
Andrew
8)
|
Title: Message
- [sniffer] Spam blocks loading me up... Scott Fisher
- Re: [sniffer] Spam blocks load... Pete McNeil
- RE: [sniffer] Spam blocks load... Chuck Schick
- Re[2]: [sniffer] Spam bloc... Pete McNeil
- Re: [sniffer] Spam blocks load... Darrell (supp...@invariantsystems.com)
- Re: [sniffer] Spam blocks load... Darrell (supp...@invariantsystems.com)
- Re: [sniffer] Spam blocks ... Scott Fisher
- RE: [sniffer] Spam blocks load... Colbeck, Andrew
- RE: [sniffer] Spam blocks load... Colbeck, Andrew
- Re[2]: [sniffer] Spam bloc... Pete McNeil
- RE: [sniffer] Spam blocks load... Michael Hardrick
- RE: Re[2]: [sniffer] Spam bloc... Colbeck, Andrew
- RE: [sniffer] Spam blocks load... Colbeck, Andrew
