Yes I do believe you are right. (4tuple is very helpful here)
*.cluster1.charter.net appear to be the only legit charter servers
connecting
(Kinda funny to see how FEW legit senders there are from charter to my
server).
Count PTR has charter & from [EMAIL PROTECTED]
#zegrep '\.charter\..*4tuple.*from=<[EMAIL PROTECTED]>' /var/log/maillog.0.gz |
awk '{print $10" "$17}' | sort -f | uniq -i | wc -l
16
Count PTR has *.charter.*
# zegrep '\.charter\..*4tuple' /var/log/maillog.0.gz | awk '{print $10"
"$17}' | sort -f | uniq -i | wc -l
594
Detail PTR has *.charter.* & from [EMAIL PROTECTED]
# zegrep '\.charter\..*4tuple.*from=<[EMAIL PROTECTED]>' /var/log/maillog.0.gz
| awk '{print $10" "$17}' | sort -f | uniq -i | less
rems06.cluster1.charter.net[209.225.8.206]: from=<[EMAIL PROTECTED]>
remt19.cluster1.charter.net[209.225.8.29]: from=<[EMAIL PROTECTED]>
remt19.cluster1.charter.net[209.225.8.29]: from=<[EMAIL PROTECTED]>
remt19.cluster1.charter.net[209.225.8.29]: from=<[EMAIL PROTECTED]>
remt19.cluster1.charter.net[209.225.8.29]: from=<[EMAIL PROTECTED]>
remt20.cluster1.charter.net[209.225.8.30]: from=<[EMAIL PROTECTED]>
remt22.cluster1.charter.net[209.225.8.32]: from=<[EMAIL PROTECTED]>
remt22.cluster1.charter.net[209.225.8.32]: from=<[EMAIL PROTECTED]>
remt23.cluster1.charter.net[209.225.8.33]: from=<[EMAIL PROTECTED]>
remt23.cluster1.charter.net[209.225.8.33]: from=<[EMAIL PROTECTED]>
remt24.cluster1.charter.net[209.225.8.34]: from=<[EMAIL PROTECTED]>
remt25.cluster1.charter.net[209.225.8.35]: from=<[EMAIL PROTECTED]>
remt26.cluster1.charter.net[209.225.8.36]: from=<[EMAIL PROTECTED]>
remt27.cluster1.charter.net[209.225.8.37]: from=<[EMAIL PROTECTED]>
remt28.cluster1.charter.net[209.225.8.38]: from=<[EMAIL PROTECTED]>
remt30.cluster1.charter.net[209.225.8.40]: from=<[EMAIL PROTECTED]>
-----Original Message-----
From: Chris Scott [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 14, 2003 8:38 AM
To: [EMAIL PROTECTED]
Subject: [IMGate] Re: anybody know the PTR for charter outbound MTAs?
Len Conrad wrote:
>
> Like rr, charter is another one that doesn't have systematic PTR
> labelling,
> so the DUNNO treatment is required, but I can't see what to DUNNO.
>
> zegrep " connect from.*charter\.com" /var/log/maillog.1.gz | awk
> '{print
> $8}' | sort - | uniq -i | sort -t[ -k2 | less
>
> Len-
>
>
Take out the com to look for charter.net also. I see some PTR that look
like they may be the MTAs:
rems02.cluster1.charter.net[209.225.8.202]
remt19.cluster1.charter.net[209.225.8.29]
remt20.cluster1.charter.net[209.225.8.30]
remt21.cluster1.charter.net[209.225.8.31]
remt22.cluster1.charter.net[209.225.8.32]
remt23.cluster1.charter.net[209.225.8.33]
remt24.cluster1.charter.net[209.225.8.34]
remt25.cluster1.charter.net[209.225.8.35]
remt26.cluster1.charter.net[209.225.8.36]
remt27.cluster1.charter.net[209.225.8.37]
remt28.cluster1.charter.net[209.225.8.38]
remt30.cluster1.charter.net[209.225.8.40]
dc-mxdb10.cluster1.charter.net[209.225.8.74]
*.cluster1.charter.net maybe?
--
Chris Scott
Host Orlando, Inc.
http://www.hostorlando.com/
