Re: [mailop] New iteration of SMTP callback snakeoil
On Sat, 11 Mar 2023 12:57:11 +0100, "Peter N. M. Hansteen via mailop" wrote:

>Hi,
>
>Since some time yesterday I've seen a largish number of delivery attempts to
>obviously generated, invalid addresses in some of our domains, with the
>following apparent senders:

>information@validmbx .com

I note with interest that the above domain suddenly is listed in URI BLs. At least new messages mentioning that domain get flagged as spam for that reason.

mdr
--
"There are no laws here, only agreements."
-- Masahiko

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] New iteration of SMTP callback snakeoil
On Sat, Mar 11, 2023 at 10:31:01AM -0600, Michael Rathbun via mailop wrote:
> [snip]
> >informat...@validmbx.com
> [snip]
>
> The most recent validmbx.com attempt failed the generated address as expected,
> then validated one of my "sudden death" spamtrap addresses. So, the sender is
> welcome to saturate that addy with spam, since each delivering IP will be
> blocked for at least 1,440 minutes, and the messages delivered only to
> Rev. Bayes.
>
> I would point out that there appears to be a large number of such attempts
> that don't use information@ as the envelope from.

I hadn't noticed any of those, but then again the things that run automatically here are somewhat geared towards fishing out new candidates for spamtraps. Those generated addresses have of course joined the list of imaginary friends now some 308558 strong ;)

I'll probably need to sniff around the various logs for further data.

Thanks!

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: [mailop] New iteration of SMTP callback snakeoil
On the off chance that more data helps, here are my findings (with only recipient domains censored) based on a log audit of those "senders."

Logs: https://clbin.com/RKWkN

Considering that everything before the @ looks to be generated by an algorithm, it should be sufficiently redacted but still might offer further insight into the algorithm itself.

On 2023-03-11 05:57, Peter N. M. Hansteen via mailop wrote:

> Hi,
>
> Since some time yesterday I've seen a largish number of delivery attempts to
> obviously generated, invalid addresses in some of our domains, with the
> following apparent senders:
>
> informat...@ckuser.com
> informat...@mbxchk.com
> informat...@reqck.com
> informat...@send-now.net
> informat...@usereml.com
> informat...@uservfy.com
> informat...@validmbx.com
>
> I assume this is yet another round of somebody selling a SMTP callback setup
> much like the morons described in this piece -
> https://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.html
> but before I publish any further rants I would kind of like to hear what they
> think they're doing.
>
> So does anybody here have useful contact information for one or more of the
> domains listed? I assume trying the RFC2142 addresses will be a waste of time.
>
> All the best,
> Peter
Re: [mailop] New iteration of SMTP callback snakeoil
On Sat, 11 Mar 2023 12:57:11 +0100, "Peter N. M. Hansteen via mailop" wrote:

>Hi,
>
>Since some time yesterday I've seen a largish number of delivery attempts to
>obviously generated, invalid addresses in some of our domains, with the
>following apparent senders:
>
>informat...@ckuser.com

[snip]

Looking for "RCPT TO:
Re: [mailop] New iteration of SMTP callback snakeoil
On Sat, 11 Mar 2023 12:57:11 +0100, "Peter N. M. Hansteen via mailop" wrote:

>Hi,
>
>Since some time yesterday I've seen a largish number of delivery attempts to
>obviously generated, invalid addresses in some of our domains, with the
>following apparent senders:

[snip]

>informat...@validmbx.com

[snip]

The most recent validmbx.com attempt failed the generated address as expected, then validated one of my "sudden death" spamtrap addresses. So, the sender is welcome to saturate that addy with spam, since each delivering IP will be blocked for at least 1,440 minutes, and the messages delivered only to Rev. Bayes.

I would point out that there appears to be a large number of such attempts that don't use information@ as the envelope from.

mdr
--
Sometimes half-ass is exactly the right amount of ass.
-- Wonderella
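Added example (not part of the thread and not any poster's code): a behaviour-based check for the probe pattern described in the message above, a session that tests recipients and then disconnects without ever sending a message, whatever envelope sender it uses. The key=value log format, session ids, IPs and addresses are constructed for illustration; the parser would need adapting to a real MTA's log lines.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical key=value session log (not a real MTA format).
SAMPLE_LOG = """\
sess=a1 ip=192.0.2.10 cmd=MAIL addr=information@callback.example code=250
sess=a1 ip=192.0.2.10 cmd=RCPT addr=xq7f2kd9@example.org code=550
sess=a1 ip=192.0.2.10 cmd=RCPT addr=trap@example.org code=250
sess=a1 ip=192.0.2.10 cmd=QUIT
sess=b2 ip=198.51.100.7 cmd=MAIL addr=alice@sender.example code=250
sess=b2 ip=198.51.100.7 cmd=RCPT addr=bob@example.org code=250
sess=b2 ip=198.51.100.7 cmd=DATA code=250
sess=b2 ip=198.51.100.7 cmd=QUIT
sess=c3 ip=192.0.2.44 cmd=MAIL addr=noreply@other.example code=250
sess=c3 ip=192.0.2.44 cmd=RCPT addr=zz81hhq0@example.org code=550
sess=c3 ip=192.0.2.44 cmd=QUIT
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def find_callback_probes(log_text):
    """Return sessions that issued RCPT TO but never issued DATA."""
    sessions = defaultdict(lambda: {"ip": None, "sender": None, "accepted": [],
                                    "rejected": [], "data": False})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if "sess" not in f or "cmd" not in f:
            continue  # skip lines that are not session events
        s = sessions[f["sess"]]
        s["ip"] = f.get("ip", s["ip"])
        code = f.get("code", "")
        if f["cmd"] == "MAIL":
            s["sender"] = f.get("addr")
        elif f["cmd"] == "RCPT":
            # 2xx confirmed the address to the client; anything else was a refusal
            (s["accepted"] if code.startswith("2") else s["rejected"]).append(f.get("addr"))
        elif f["cmd"] == "DATA":
            s["data"] = True
    probes = {}
    for sid, s in sessions.items():
        if not s["data"] and (s["accepted"] or s["rejected"]):
            probes[sid] = {k: s[k] for k in ("ip", "sender", "accepted", "rejected")}
    return probes

if __name__ == "__main__":
    for sid, p in find_callback_probes(SAMPLE_LOG).items():
        print(sid, p["ip"], p["sender"], "confirmed:", p["accepted"], "refused:", p["rejected"])
```

The `accepted` list is the part worth reviewing: it shows which local addresses were confirmed as deliverable to a client that never sent mail.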
[mailop] New iteration of SMTP callback snakeoil
Hi,

Since some time yesterday I've seen a largish number of delivery attempts to obviously generated, invalid addresses in some of our domains, with the following apparent senders:

informat...@ckuser.com
informat...@mbxchk.com
informat...@reqck.com
informat...@send-now.net
informat...@usereml.com
informat...@uservfy.com
informat...@validmbx.com

I assume this is yet another round of somebody selling a SMTP callback setup much like the morons described in this piece - https://bsdly.blogspot.com/2017/08/twenty-plus-years-on-smtp-callbacks-are.html but before I publish any further rants I would kind of like to hear what they think they're doing.

So does anybody here have useful contact information for one or more of the domains listed? I assume trying the RFC2142 addresses will be a waste of time.

All the best,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.