Jump to content

das

Members
  • Content Count

    8
  • Joined

  • Last visited

Community Reputation

0 Neutral

About das

  • Rank
    Newbie

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    Cambridge, MA
  1. Let me add my $0.02... I've seen this problem a few times also. It arises whenever "whois" returns a reporting addr of the form "foo[at]gmail.com". When that gets passed to "whois -b", the answer returned is "gmail-abuse[at]google.com". That makes sense, but it is WRONG in this context -- the reporting addr returned by "whois" is CORRECT as it stands, and should NOT be further elaborated by passing to "whois -b". Parser needs a special test for this case... if ( reporting_addr NOT of the form "foo[at]gmail.com" ) then do whois -b reporting_addr; -- EstherD
  2. Some of these routing data look pretty old and cobweby... Reports routes for 81.0.119.17: routeid:11832283 81.0.64.0 - 81.0.127.255 to:spamcop[at]sa.ew.hu Administrator interested in all reports Tue Jan 11 10:36:57 2005 -0500 [Note added by 216.127.43.94 (sam.julianhaight.com)] making sure that all routes are accounted for Sun Sep 5 03:30:14 2004 -0400 [Note added by 70.64.153.87, 24.66.94.142 (S010600045a22c670.ss.shawcable.net)] Some changes took place during the last couple of months. Elender Business Communications Co. was bought by EuroWeb Internet Provider Co. and the united firm runs under the name of EuroWeb. The process of uniting the networks is under way. The new, extended IP ranges are: Former Elender IP ranges: 194.143.224.0/19 212.108.192.0/18 81.0.64.0/18 Former EuroWeb Hungary IP ranges: 193.68.32.0/19 193.91.64.0/19 193.194.159.0/24 193.226.192.0/18 195.184.0.0/19 Also, we are still responsible for SuliNet (The Hungarian SchoolNet Project). Its IP range is 195.199.0.0./16 We kindly ask you to send SpamCop abuse reports to <spamcop[at]sa.ew.hu> from now on for all of the above IP ranges. Peace, Peter Note: sa.ew.hu is a domain alias for sa.eol.hu on our mailservers. -- Peter Berenyi - Systems Administrator EuroWeb Internet Provider Co. email: ber[at]sa.ew.hu At least for the referenced addr, 81.0.119.17, there are better data... whois 81.0.119.17 # # Query terms are ambiguous. The query is assumed to be: # "n 81.0.119.17" # # Use "?" to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=81.0.119.17?showDetails=true&showARIN=false&ext=netref2 # NetRange: 81.0.0.0 - 81.255.255.255 CIDR: 81.0.0.0/8 OriginAS: NetName: 81-RIPE NetHandle: NET-81-0-0-0-1 Parent: NetType: Allocated to RIPE NCC Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: Updated: 2009-03-25 Ref: http://whois.arin.net/rest/net/NET-81-0-0-0-1 OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2011-09-24 Ref: http://whois.arin.net/rest/org/RIPE ReferralServer: whois://whois.ripe.net:43 OrgAbuseHandle: RNO29-ARIN OrgAbuseName: RIPE NCC Operations OrgAbusePhone: +31 20 535 4444 OrgAbuseEmail: hostmaster[at]ripe.net OrgAbuseRef: http://whois.arin.net/rest/poc/RNO29-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: hostmaster[at]ripe.net OrgTechRef: http://whois.arin.net/rest/poc/RNO29-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '81.0.119.0 - 81.0.119.255' inetnum: 81.0.119.0 - 81.0.119.255 netname: VTH remarks: NCC#2009011022 descr: Data center country: HU admin-c: VINC1-RIPE tech-c: VINO2-RIPE status: ASSIGNED PA mnt-by: AS12301-MNT source: RIPE # Filtered role: INVITEL IP NETWORK COORDINATION CENTER address: INVITEL Rt. address: H-6724 Szeged address: Rokusi krt. 2-10. phone: +36 62 563621 fax-no: +36 62 550130 remarks: Adatvedelmi felelos: fax-no: +36 1 8013414 admin-c: VINC1-RIPE tech-c: VINO2-RIPE nic-hdl: VINC1-RIPE abuse-mailbox: abuse[at]invitel.net mnt-by: AS12301-MNT source: RIPE # Filtered role: INVITEL IP NETWORK OPERATION address: H-2040 Budaors address: Puskas Tivadar u. 8-10. fax-no: +36 1 2364460 admin-c: VINC1-RIPE tech-c: JS6489-RIPE tech-c: IOS2-RIPE nic-hdl: VINO2-RIPE abuse-mailbox: abuse[at]invitel.net mnt-by: AS12301-MNT source: RIPE # Filtered % Information related to '81.0.64.0/18AS12301' route: 81.0.64.0/18 descr: INVITEL Zrt. origin: AS12301 mnt-by: AS12301-MNT source: RIPE # Filtered And... whois -b abuse[at]invitel.net abuse[at]invitel.net (for invitel.net) Perhaps some of the other addrs in the quoted routing data block could also benefit from a makeover. -- EstherD
  3. Parsing input: 216.27.63.158 [report history] Routing details for 216.27.63.158 Report routing for 216.27.63.158: abuse#bronto.com[at]devnull.spamcop.net Statistics: 216.27.63.158 not listed in bl.spamcop.net More Information.. 216.27.63.158 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 216.27.63.158 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 216.27.63.158 not listed in cbl.abuseat.org 216.27.63.158 not listed in dnsbl.sorbs.net No valid email addresses found, sorry! Reports routes for 216.27.63.158: routeid:3541929 216.27.0.0 - 216.27.95.255 to: Administrator interested in all reports Mon Jun 15 08:48:54 2009 -0400 Corrupt notes were found here - combined raw data below: [Note added by 65.244.88.252 (gwy-1.corp.ampira.com)] Currently you're sending these reports to our hosting providers but not to the service provider (V3.com). We'd like to have the reports routed directly to our abuse team. Victor Cruzate victor[at]v3.com 1051738841 routeid:65100884 216.27.63.0 - 216.27.63.255 to:abuse#bronto.com[at]devnull.spamcop.net Administrator interested in all reports Wed Feb 23 05:27:54 2011 -0500 [Note added by 206.207.78.146 (host-206-207-78-146.ns1.spro.net)] Listwashing. - Don - BUT... whois 216.27.63.158 NetRange: 216.27.0.0 - 216.27.95.255 CIDR: 216.27.0.0/18, 216.27.64.0/19 OriginAS: AS7181, AS7349, AS33251 NetName: HSAL-216-27-0-0-18 NetHandle: NET-216-27-0-0-1 Parent: NET-216-0-0-0-0 NetType: Direct Allocation Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1998-07-15 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-216-27-0-0-1 OrgName: Hosted Solutions Acquisition, LLC OrgId: HSAL-2 Address: 4350 Lassiter at North Hills Avenue, Suite 280 City: Raleigh StateProv: NC PostalCode: 27609 Country: US RegDate: 2008-03-18 Updated: 2011-09-24 Ref: http://whois.arin.net/rest/org/HSAL-2 ReferralServer: rwhois://rwhois.hostedsolutions.com:4321 OrgAbuseHandle: HOSTM1171-ARIN OrgAbuseName: Hostmaster OrgAbusePhone: +1-919-852-0690 OrgAbuseEmail: hostmaster[at]hostedsolutions.com OrgAbuseRef: http://whois.arin.net/rest/poc/HOSTM1171-ARIN OrgTechHandle: HOSTM1171-ARIN OrgTechName: Hostmaster OrgTechPhone: +1-919-852-0690 OrgTechEmail: hostmaster[at]hostedsolutions.com OrgTechRef: http://whois.arin.net/rest/poc/HOSTM1171-ARIN AND... whois -b hostmaster[at]hostedsolutions.com hostmaster[at]hostedsolutions.com (for hostedsolutions.com) abuse[at]hostedsolutions.com (for hostedsolutions.com) abuse[at]level3.com (for hostedsolutions.com) TIA... -- EstherD
  4. There should be a way to whitelist the forwarding server(s). Or, better yet, there should be some way to specify a list of trusted servers that are completely exempt from Greylisting. Ahhhh... but think of the implementation issues! Yes, I can hear the groans from the programmers in the back room. But that IS how I setup Greylisting on a bunch of mailservers I used to run in a former lifetime. So I know that it CAN be done... -- EstherD
  5. Problem is... it isn't always possible. As an example, Forwarding and Greylisting interact badly in many cases, leading to bounced mail. So if you need Greylisting to help reduce spam volume by blocking junk sent by SpamBots, then you can't use Forwarding. -- EstherD
  6. Assuming you've done the restart by now. It has NOT fixed the problem. Since I already filed a problem report and got a case #, I'll just bag it for tonight and hope for better times tomorrow. -- EstherD
  7. das

    Mail down

    Yes. There is more info in this thread. On "Options > SpamCop Tools > Configure external POP servers." page, have been seeing "Unknown error: 10" every 15 min or so on all accts with mail pending for pickup since webmail service came back up about 1800 -0400. And NO email being picked up from external server via POP. Have verified that I can successfully POP from server for my external accts using a local POP client. Only SpamCop POP pickup service is having problems. Filed problem report about 2100 -0400. Still waiting for a resolution... -- EstherD
  8. Confirming... I've also been seeing same error every 15 min or so since service came back up about 1800 -0400. Have verified that I can successfully POP from server for my external accts using a local POP client. Only SpamCop POP pickup service is having problems. Filed problem report about 2100 -0400. Still waiting... -- EstherD
×