Jump to content
Sign in to follow this  
{R}

How on earth

Recommended Posts

Apparently my shortly to be commissioned DNS server 217.169.24.83 which doesn't have an rDNS working yet, is spamming. See below.

Now there is no SMTP server on this Win2K box, and BIND is playing up too :( but that is a different story,

So can someone please explain how I got reported, I don't mind at all as I have no intention of running an SMTP server on that IP.

{R}

[ SpamCop V1.379 ]

This message is brief for your comfort. Please use links below for details.

Email from 217.169.24.83 / Wed, 13 Oct 2004 23:39:29 +0300 (EAT)

http://www.spamcop.net/w3m?i=z1264389395za...8b8cc502edbfcfz

[ Offending message ]

Received: from standardlife.ca ([217.169.24.83])

by mailexch-inalt.unon.org (8.13.1/8.13.1) with SMTP id i9DKdFJL009451

for <x>; Wed, 13 Oct 2004 23:39:29 +0300 (EAT)

Message-ID: <04de______________________e0db[at]standardlife.ca>

From: "Trisha Hutchins" <t.hutchins_gz[at]cicely5.cicely.de>

To: x

Subject: [spam]

Date: Thu, 14 Oct 2004 18:52:19 +0000

MIME-Version: 1.0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: 8bit

Received-SPF: softfail (mailexch-inalt.unon.org: transitioning domain of cicely5.cicely.de does not designate 217.169.24.83 as permitted sender) client-ip=217.169.24.83; envelope-from=t.hutchins_gz[at]cicely5.cicely.de; helo=standardlife.ca;

X-Miltered: at prtsvr-x with ID 416D9273.000 by Joe's j-chkmail (http://j-chkmail.ensmp.fr)!

X-Brightmail-Tracker: AAAAAwEjor4BIRIKASdFng==

{spam snipped}

Share this post


Link to post
Share on other sites

There is a problem with that machine, it has probably some kind of worm or it has been hacked. You don't have to be running an smtp server to send spam it is built into many worms.

CBL The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2

Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=217.169.24.83

--------------------------------------------------------------------------------

XBL Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4

http://www.spamhaus.org/query/bl?ip=217.169.24.83

--------------------------------------------------------------------------------

SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?217.169.24.83

--------------------------------------------------------------------------------

DNSBLUCEPN External Block List - UCEPROTECT®-Network Project: ucepn.dnsbl.net.au -> 127.0.0.2

PLEASE SEE http://www.uceprotect.net/

Edited by Merlyn

Share this post


Link to post
Share on other sites

What a small world.... The posting that was found by that search is a person I regularly read on the comp.os.vms newsgroups many moons ago.

Share this post


Link to post
Share on other sites

Looks like as of yesterday:

2004/Oct/13 22:49:59 UTC (view message) socks4

2004/Oct/13 22:50:00 UTC (view message) http-connect

2 open proxys on it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×