>Can the folks running a mailserver scan their logs for efltn.com?
>
>Since 2003/06/30, 207.134.106.109 and 207.134.106.110 have been
>attempting to deliver mail from that domain every half hour with
>what appears to be some kind of direct-to-MX spamming software.
>The IPs I listed are not even running a listening mail server.
>
>DNS is not resolving properly, but if you run a whois on that
>domain, you will see that the registrant is Honolulu based.

I'm seeing it too.  It started on June 30, and here is the number of
lines in my syslog from each day (each email generates two lines, so
divide by two to find out how many mails have been attempted):

[cletus:~]$ awk '{print $1, $2}' < efltn.com | uniq -c
     14 Jun 30
     28 Jul 1
     24 Jul 2
     18 Jul 3
     12 Jul 4

My server is rejecting the messages:

Jul  4 05:11:34 cletus sendmail[6942]: h64FBXT06942: ruleset=check_mail, 
arg1=<[EMAIL PROTECTED]>, relay=efl2.efltn.com [207.134.106.109] (may be 
forged), reject=451 4.1.8 Domain of sender address [EMAIL PROTECTED] does not 
resolve

I'm also seeing only the two IPs as well.

-- 
Mark K. Pettit
[EMAIL PROTECTED]
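
The per-day count above, as an added example that is not part of the original post: instead of dividing the line count by two, it counts each sendmail queue ID once and also breaks the total down by relay IP. The function names and the sample log are constructed here (only the first sample line comes from the message above), and it assumes both syslog lines for one attempt carry the same queue ID.

```shell
#!/bin/sh
# Added example: count distinct delivery attempts per day and relay IP.
# Reads sendmail syslog lines on stdin; $1 is the domain to search for
# (matched as a literal string, so the dots are not regex wildcards).
count_attempts() {
    awk -v dom="$1" '
    index($0, dom) && $5 ~ /^sendmail\[/ {
        qid = $6                   # queue ID, e.g. "h64FBXT06942:"
        if (qid in seen) next      # later line for an attempt already counted
        seen[qid] = 1
        ip = "unknown"
        # relay=host [a.b.c.d] -> keep only the bracketed address
        if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip)
            sub(/\]$/, "", ip)
        }
        key = $1 " " $2 " " ip     # e.g. "Jul 4 207.134.106.109"
        if (!(key in n)) order[++k] = key
        n[key]++
    }
    END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }
    '
}

# Constructed sample log. Line 1 is the reject line quoted in the post;
# every other line, queue ID and timestamp is made up for illustration.
sample_log() {
    cat <<'EOF'
Jul  4 05:11:34 cletus sendmail[6942]: h64FBXT06942: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address [EMAIL PROTECTED] does not resolve
Jul  4 05:11:34 cletus sendmail[6942]: h64FBXT06942: from=<[EMAIL PROTECTED]>, size=0, nrcpts=0, relay=efl2.efltn.com [207.134.106.109] (may be forged)
Jul  4 05:41:36 cletus sendmail[6977]: h64FfaT06977: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address [EMAIL PROTECTED] does not resolve
Jul  4 05:41:36 cletus sendmail[6977]: h64FfaT06977: from=<[EMAIL PROTECTED]>, size=0, nrcpts=0, relay=efl2.efltn.com [207.134.106.109] (may be forged)
Jul  4 05:41:40 cletus sendmail[6979]: h64FfeT06979: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=efl2.efltn.com [207.134.106.110] (may be forged), reject=451 4.1.8 Domain of sender address [EMAIL PROTECTED] does not resolve
Jul  5 05:11:35 cletus sendmail[7050]: h65FBZT07050: ruleset=check_mail, arg1=<[EMAIL PROTECTED]>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address [EMAIL PROTECTED] does not resolve
Jul  5 06:00:01 cletus sendmail[7100]: h65G01T07100: from=<[EMAIL PROTECTED]>, size=512, nrcpts=1, relay=localhost [127.0.0.1]
EOF
}

# Prints one "count month day ip" row per day and relay address.
sample_log | count_attempts efltn.com
```

On a live server the input would be the mail log itself, for example `count_attempts efltn.com < /var/log/maillog` (the log path varies by system).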
