Turmoyl Posted July 23, 2005

I noticed a particular log section from one of my smaller mail servers that hosts accounts for just 2 people. It appears that a spam gang with a lot of resources made a strong run over a 5-minute time frame. It's so pretty that I thought I'd share it.

Jul 23 01:10:37 mail1 sm-mta[31102]: ruleset=check_relay, arg1=[218.21.183.132], arg2=218.21.183.132, relay=[218.21.183.132], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:10:59 mail1 sm-mta[31103]: ruleset=check_relay, arg1=cm181.sigma123.maxonline.com.sg, arg2=218.212.123.181, relay=cm181.sigma123.maxonline.com.sg [218.212.123.181], reject=550 5.7.1 Mail from 218.212.123.181 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:11:04 mail1 sm-mta[31104]: ruleset=check_relay, arg1=cm117.sigma84.maxonline.com.sg, arg2=218.212.84.117, relay=cm117.sigma84.maxonline.com.sg [218.212.84.117], reject=550 5.7.1 Mail from 218.212.84.117 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:11:19 mail1 sm-mta[31105]: ruleset=check_relay, arg1=pc33234.ztv.ne.jp, arg2=218.216.172.234, relay=pc33234.ztv.ne.jp [218.216.172.234], reject=550 5.7.1 Mail from 218.216.172.234 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:11:43 mail1 sm-mta[31106]: ruleset=check_relay, arg1=[218.22.182.70], arg2=218.22.182.70, relay=[218.22.182.70], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:11:53 mail1 sm-mta[31107]: ruleset=check_relay, arg1=zaqdadc0b1c.zaq.ne.jp, arg2=218.220.11.28, relay=zaqdadc0b1c.zaq.ne.jp [218.220.11.28], reject=550 5.7.1 Mail from 218.220.11.28 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:12:01 mail1 sm-mta[31108]: ruleset=check_relay, arg1=zaqdadc374c.zaq.ne.jp, arg2=218.220.55.76, relay=zaqdadc374c.zaq.ne.jp [218.220.55.76], reject=550 5.7.1 Mail from 218.220.55.76 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:05 mail1 sm-mta[31109]: ruleset=check_relay, arg1=zaqdadc57f7.zaq.ne.jp, arg2=218.220.87.247, relay=zaqdadc57f7.zaq.ne.jp [218.220.87.247], reject=550 5.7.1 Mail from 218.220.87.247 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:10 mail1 sm-mta[31110]: ruleset=check_relay, arg1=zaqdadc099b.zaq.ne.jp, arg2=218.220.9.155, relay=zaqdadc099b.zaq.ne.jp [218.220.9.155], reject=550 5.7.1 Mail from 218.220.9.155 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:12:23 mail1 sm-mta[31111]: ruleset=check_relay, arg1=adsl-west-2144.enjoy.ne.jp, arg2=218.223.103.44, relay=adsl-west-2144.enjoy.ne.jp [218.223.103.44], reject=550 5.7.1 Mail from 218.223.103.44 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:12:32 mail1 sm-mta[31113]: ruleset=check_relay, arg1=c-67-188-243-6.hsd1.ca.comcast.net, arg2=67.188.243.6, relay=c-67-188-243-6.hsd1.ca.comcast.net [67.188.243.6], reject=550 5.7.1 Mail from 67.188.243.6 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:33 mail1 sm-mta[31114]: ruleset=check_relay, arg1=c-67-188-243-6.hsd1.ca.comcast.net, arg2=67.188.243.6, relay=c-67-188-243-6.hsd1.ca.comcast.net [67.188.243.6], reject=550 5.7.1 Mail from 67.188.243.6 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:33 mail1 sm-mta[31112]: ruleset=check_relay, arg1=218-223-17-112.bitcat.net, arg2=218.223.17.112, relay=218-223-17-112.bitcat.net [218.223.17.112], reject=550 5.7.1 Mail from 218.223.17.112 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:33 mail1 sm-mta[31115]: ruleset=check_relay, arg1=c-67-188-243-6.hsd1.ca.comcast.net, arg2=67.188.243.6, relay=c-67-188-243-6.hsd1.ca.comcast.net [67.188.243.6], reject=550 5.7.1 Mail from 67.188.243.6 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:42 mail1 sm-mta[31116]: ruleset=check_relay, arg1=eatkyo216074.adsl.ppp.infoweb.ne.jp, arg2=218.226.145.74, relay=eatkyo216074.adsl.ppp.infoweb.ne.jp [218.226.145.74], reject=550 5.7.1 Mail from 218.226.145.74 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:12:53 mail1 sm-mta[31117]: ruleset=check_relay, arg1=ktsk120230.catv.ppp.infoweb.ne.jp, arg2=218.226.170.230, relay=ktsk120230.catv.ppp.infoweb.ne.jp [218.226.170.230], reject=550 5.7.1 Mail from 218.226.170.230 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:58 mail1 sm-mta[31118]: ruleset=check_relay, arg1=[218.23.158.114], arg2=218.23.158.114, relay=[218.23.158.114], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:13:23 mail1 sm-mta[31119]: ruleset=check_relay, arg1=[218.23.244.70], arg2=218.23.244.70, relay=[218.23.244.70], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:13:27 mail1 sm-mta[31120]: ruleset=check_relay, arg1=[218.23.3.251], arg2=218.23.3.251, relay=[218.23.3.251], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:13:35 mail1 sm-mta[31121]: ruleset=check_relay, arg1=[218.23.38.202], arg2=218.23.38.202, relay=[218.23.38.202], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:13:46 mail1 sm-mta[31122]: ruleset=check_relay, arg1=p4249-ip01oomichi.oita.ocn.ne.jp, arg2=218.230.229.249, relay=p4249-ip01oomichi.oita.ocn.ne.jp [218.230.229.249], reject=550 5.7.1 Mail from 218.230.229.249 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:13:51 mail1 sm-mta[31123]: ruleset=check_relay, arg1=[218.232.152.180], arg2=218.232.152.180, relay=[218.232.152.180], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:13:55 mail1 sm-mta[31124]: ruleset=check_relay, arg1=[218.232.6.12], arg2=218.232.6.12, relay=[218.232.6.12], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:00 mail1 sm-mta[31125]: ruleset=check_relay, arg1=[218.233.54.41], arg2=218.233.54.41, relay=[218.233.54.41], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:09 mail1 sm-mta[31126]: ruleset=check_relay, arg1=[218.233.87.134], arg2=218.233.87.134, relay=[218.233.87.134], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:13 mail1 sm-mta[31127]: ruleset=check_relay, arg1=[218.234.134.127], arg2=218.234.134.127, relay=[218.234.134.127], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:17 mail1 sm-mta[31128]: ruleset=check_relay, arg1=[218.234.142.93], arg2=218.234.142.93, relay=[218.234.142.93], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:21 mail1 sm-mta[31129]: ruleset=check_relay, arg1=[218.234.250.251], arg2=218.234.250.251, relay=[218.234.250.251], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:25 mail1 sm-mta[31130]: ruleset=check_relay, arg1=[218.234.85.157], arg2=218.234.85.157, relay=[218.234.85.157], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:34 mail1 sm-mta[31131]: ruleset=check_relay, arg1=[218.236.103.54], arg2=218.236.103.54, relay=[218.236.103.54], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:39 mail1 sm-mta[31132]: ruleset=check_relay, arg1=[218.237.107.157], arg2=218.237.107.157, relay=[218.237.107.157], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:48 mail1 sm-mta[31133]: ruleset=check_relay, arg1=[218.237.153.157], arg2=218.237.153.157, relay=[218.237.153.157], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:52 mail1 sm-mta[31134]: ruleset=check_relay, arg1=[218.237.155.201], arg2=218.237.155.201, relay=[218.237.155.201], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:15:01 mail1 sm-mta[31135]: ruleset=check_relay, arg1=[218.237.183.69], arg2=218.237.183.69, relay=[218.237.183.69], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:15:05 mail1 sm-mta[31136]: ruleset=check_relay, arg1=[218.237.73.233], arg2=218.237.73.233, relay=[218.237.73.233], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:15:10 mail1 sm-mta[31137]: ruleset=check_relay, arg1=[218.238.120.112], arg2=218.238.120.112, relay=[218.238.120.112], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:15:14 mail1 sm-mta[31138]: ruleset=check_relay, arg1=[218.238.157.90], arg2=218.238.157.90, relay=[218.238.157.90], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers

Notice that not one attempt made it through. Also notice that the end of the run is comprised solely of Hanaro zombies. If ever there was an ISP in more dire need of a meltdown... it was probably Comcast.

Edit: typo
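An added example, not part of the original post: a small parser for sendmail `check_relay` reject lines in the format of the log above, tallying which rule refused each connection, how many distinct sources appeared, and how long the run lasted. The sample lines are constructed (RFC 5737 documentation addresses, `example.net` hostnames), and the `year` parameter is an assumption because syslog timestamps carry no year.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the log above: RFC 5737 documentation
# addresses and example.net hostnames, not entries from the original post.
SAMPLE = """\
Jul 23 01:10:37 mail1 sm-mta[100]: ruleset=check_relay, arg1=[192.0.2.10], arg2=192.0.2.10, relay=[192.0.2.10], reject=550 5.7.1 No SMTP connections allowed from China due to spammers
Jul 23 01:10:59 mail1 sm-mta[101]: ruleset=check_relay, arg1=host1.example.net, arg2=198.51.100.7, relay=host1.example.net [198.51.100.7], reject=550 5.7.1 Mail from 198.51.100.7 refused - see http://www.dnsbl.sorbs.net/
Jul 23 01:12:32 mail1 sm-mta[102]: ruleset=check_relay, arg1=host2.example.net, arg2=203.0.113.6, relay=host2.example.net [203.0.113.6], reject=550 5.7.1 Mail from 203.0.113.6 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:12:33 mail1 sm-mta[103]: ruleset=check_relay, arg1=host2.example.net, arg2=203.0.113.6, relay=host2.example.net [203.0.113.6], reject=550 5.7.1 Mail from 203.0.113.6 refused - see http://www.spamhaus.org/sbl/
Jul 23 01:13:51 mail1 sm-mta[104]: ruleset=check_relay, arg1=[192.0.2.77], arg2=192.0.2.77, relay=[192.0.2.77], reject=550 5.7.1 No SMTP connections allowed from Korea due to spammers
Jul 23 01:14:00 mail1 sm-mta[105]: some other log line that is not a check_relay reject
"""

REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sm-mta\[\d+\]: "
    r"ruleset=check_relay, arg1=(?P<name>\S+), arg2=(?P<ip>[\d.]+), "
    r"relay=.*?, reject=(?P<code>\d{3}) \d\.\d\.\d+ (?P<text>.*)$")

def classify(text):
    """Name the rule behind a reject message (country block or DNSBL host)."""
    m = re.match(r"No SMTP connections allowed from (\w+)", text)
    if m:
        return "country:" + m.group(1)
    m = re.search(r"refused - see https?://([^/\s]+)", text)
    return "dnsbl:" + m.group(1) if m else "other"

def summarize(log, year=2005):
    """Tally check_relay rejects; syslog has no year, so `year` is assumed."""
    rules, sources, stamps, no_rdns, skipped = Counter(), Counter(), [], 0, 0
    for line in log.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            skipped += 1          # not a connection-time reject: review by hand
            continue
        rules[classify(m["text"])] += 1
        sources[m["ip"]] += 1
        no_rdns += m["name"].startswith("[")   # "[ip]": no reverse DNS name
        stamps.append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0
    return {"rejects": sum(rules.values()), "by_rule": dict(rules),
            "distinct_sources": len(sources), "no_rdns": no_rdns,
            "repeat_sources": {ip: n for ip, n in sources.items() if n > 1},
            "span_seconds": span, "skipped_lines": skipped}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-zero `skipped_lines` count is the cue to check whether any connection got past `check_relay` in the window being reviewed.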
Miss Betsy Posted July 23, 2005

> I noticed a particular log section from one of my smaller mail servers that hosts accounts for just 2 people. It appears that a spam gang with a lot of resources made a strong run over a 5-minute time frame. It's so pretty that I thought I'd share it.
>
> Notice that not one attempt made it through.

Makes me wish I had a server and could have logs!

Miss Betsy
GraemeL Posted July 23, 2005

> Makes me wish I had a server and could have logs!

Here are my stats.