Re: Interesting log entries

Fri, 31 Oct 2003 16:40:37 -0800

On Oct 31, 2003, at 3:20 PM, Michael J. Stango wrote:

From time to time I find a mess of rejections in my logs, like so:

----------
10:51:20 1 SMTP-151([212.204.170.150]) SPAM? Host is in the Blacklist
10:51:53 1 SMTP-151(cp243967-a.venra1.lb.home.nl) SPAM? Recipient
'<[EMAIL PROTECTED]>' rejected: sending host is blacklisted
10:51:56 1 SMTP-152([24.150.50.222]) SPAM? Host is blacklisted per RBL
dynablock.easynet.nl with result [127.0.0.2]
10:52:26 1 SMTP-152(d150-50-222.home.cgocable.net) SPAM? Recipient
'<[EMAIL PROTECTED]>' rejected: sending host is blacklisted,
"dynablock.easynet.nl"
10:52:32 1 SMTP-153([151.204.132.230]) SPAM? Host is blacklisted per RBL
dynablock.easynet.nl with result [127.0.0.2]
10:53:04 1 SMTP-153(pool-151-204-132-230.ny325.east.verizon.net) SPAM?
Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted,
"dynablock.easynet.nl"
10:53:06 1 SMTP-154([217.228.53.29]) SPAM? Host is in the Blacklist
10:53:37 1 SMTP-154(pD9E4351D.dip.t-dialin.net) SPAM? Recipient
'<[EMAIL PROTECTED]>' rejected: sending host is blacklisted
10:53:42 1 SMTP-155([24.215.156.92]) SPAM? Host is blacklisted per RBL
dynablock.easynet.nl with result [127.0.0.2]
10:54:11 1 SMTP-155(user-0cdf72s.cable.mindspring.com) SPAM? Recipient
'<[EMAIL PROTECTED]>' rejected: sending host is blacklisted,
"dynablock.easynet.nl"
10:58:31 1 SMTP-156(line-196-139.dial.matav.net) SPAM? address
<[EMAIL PROTECTED]> is a SpamTrap address
10:58:34 1 SMTP-156(line-196-139.dial.matav.net) SPAM? Mail from
'<[EMAIL PROTECTED]>' rejected: SpamTrap
----------

Anyone else seeing stuff like this? My theory is these machines have been
compromised by and are under the control of a single SOB spammer. Though the
machines are always geographically diverse, I've seen too many of these
clusters of systematic attempts to believe that this is a coincidence any
longer.

<snip>

I wonder if it is related in any way to this type of thing:
http://story.news.yahoo.com/news?tmpl=story&cid=569&ncid=738&e=1&u=/nm/ 20031031/tc_nm/tech_internet_virus_dc



#############################################################
This message is sent to you because you are subscribed to
 the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>

Reply via email to