>From time to time I find a mess of rejections in my logs, like so: ---------- 10:51:20 1 SMTP-151([212.204.170.150]) SPAM? Host is in the Blacklist 10:51:53 1 SMTP-151(cp243967-a.venra1.lb.home.nl) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted 10:51:56 1 SMTP-152([24.150.50.222]) SPAM? Host is blacklisted per RBL dynablock.easynet.nl with result [127.0.0.2] 10:52:26 1 SMTP-152(d150-50-222.home.cgocable.net) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "dynablock.easynet.nl" 10:52:32 1 SMTP-153([151.204.132.230]) SPAM? Host is blacklisted per RBL dynablock.easynet.nl with result [127.0.0.2] 10:53:04 1 SMTP-153(pool-151-204-132-230.ny325.east.verizon.net) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "dynablock.easynet.nl" 10:53:06 1 SMTP-154([217.228.53.29]) SPAM? Host is in the Blacklist 10:53:37 1 SMTP-154(pD9E4351D.dip.t-dialin.net) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted 10:53:42 1 SMTP-155([24.215.156.92]) SPAM? Host is blacklisted per RBL dynablock.easynet.nl with result [127.0.0.2] 10:54:11 1 SMTP-155(user-0cdf72s.cable.mindspring.com) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "dynablock.easynet.nl" 10:58:31 1 SMTP-156(line-196-139.dial.matav.net) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address 10:58:34 1 SMTP-156(line-196-139.dial.matav.net) SPAM? Mail from '<[EMAIL PROTECTED]>' rejected: SpamTrap ----------
Anyone else seeing stuff like this? My theory is these machines have been compromised by and are under the control of a single SOB spammer. Though the machines are always geographically diverse, I've seen too many of these clusters of systematic attempts to believe that this is a coincidence any longer. Will ISP abuse@ addresses accept reports of obvious *attempted* spamming, even though SIMS properly rejected all this crap? Because I'm thinking of tracking down the ISPs those IPs belong to and forwarding each of them the block of log entries above to make my case. ~MJS ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
