Vince Hoang wrote:
Can the folks running a mailserver scan their logs for efltn.com?
Since 2003/06/30, 207.134.106.109 and 207.134.106.110 has been
attempting to deliver mail from that domain every half hour with
with appears to be some kind of direct-to-MX spamming software.
The IPs I listed are not even running a listening mail server.
DNS is not resolving properly, but if you run a whois on that
domain, you will see that the registrant is Honolulu based.
-Vince
For all it's worth, probably unrelated, but I recently got a targeted (though
poorly, since I'm in in Hawaii :) spam that was actually sent from a
hawaii.rr.com IP apparently (unless that part of the header was forged and they
conncected directly to my local ISPs mail server, unlikely but possible).
Relevant headers:
Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
by ms-mss-03.columbus.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <[EMAIL PROTECTED]> for
[EMAIL PROTECTED]; Tue, 01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
by ms-mta-02.columbus.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <[EMAIL PROTECTED]> for
[EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Tue,
01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ecouponsHawaii59.com
(cpe-66-8-200-254.hawaii.rr.com [66.8.200.254])
by ncmx01.mgw.rr.com (8.12.8p1/8.12.8) with SMTP id h622MmtU013371 for
<[EMAIL PROTECTED]>; Tue, 01 Jul 2003 22:22:53 -0400 (EDT)
It actaully appears to have from from a valid hawaii.rr.com cable modem, and
have gone through hawaii.rr.com's SMTP relay. If this is the case, please do go
after them as I shoudl hope roadrunner prohibits spamming (they do in indy.rr.com!).
--MonMotha
