* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [001210 21:27]:
> What kind of service is *.tnt.city.state.da.uu.net, or for example
> 1Cust147.tnt7.fort-lauderdale.fl.da.uu.net?
>
> SPAM from these addresses is not being blocked by DULS. traceroute
> suggests to me an above.net colo at uu.net? (my guess)
Note that there is an intermediate open relay between the da.uu.net address
and your mail server:
> Received: from co-location.ibtoday.iasiaworks.ne.kr (HELO ns.asiatrans.com)
>([EMAIL PROTECTED])
> by gray.maine.com with SMTP; 10 Dec 2000 15:42:33 -0000
Here, your machine accepts the mail from 211.36.253.35 (aka
co-location.ibtoday.iasiaworks.ne.kr).
> Received: from mail1.joymail.com (1Cust147.tnt7.fort-lauderdale.fl.da.uu.net
>[63.25.243.147])
> by ns.asiatrans.com (8.9.3/8.9.3) with SMTP id AAA15685
> for <[EMAIL PROTECTED]>; Mon, 11 Dec 2000 00:40:45 +0900
Here the co-location.ibtoday.iasiaworks.ne.kr machine accepts the spam from
the da.uu.net dial-up account and relays it. Lo and behold, this machine
(211.36.253.35) is on the RSS. :-)
> We're running the collected SPAMPATCH patches. Does it make
> sense to block *.da.uu.net in badmailpatterns or might there better
> way of doing it with tcpserver? Frankly, depending on what tnt
> is I'm tempted to block all da.uu.net. The addresses
> along the path change with each instance; only the source
> address seems consistent.
If your customers are not using UUnet dialups (or resold UUnet dialups), go
ahead and block 'em all, I say, whatever method you might use...
/pg
--
Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
---
You know, by the time you get some with all this, the "Swiss Army
Chainsaw" is going to be more like a Swiss Army Tactical Nuke.... :-)
--- Brandon Allbery
on perl in <[EMAIL PROTECTED]>
