[luau] efltn.com?

Mark Pettit mark at pettit.org
Fri Jul 4 09:55:01 PDT 2003


>Can the folks running a mailserver scan their logs for efltn.com?
>
>Since 2003/06/30, 207.134.106.109 and 207.134.106.110 have been
>attempting to deliver mail from that domain every half hour with
>what appears to be some kind of direct-to-MX spamming software.
>The IPs I listed are not even running a listening mail server.
>
>DNS is not resolving properly, but if you run a whois on that
>domain, you will see that the registrant is Honolulu based.

I'm seeing it too.  It started on June 30, and here is the number of
lines in my syslog from each day (each email generates two lines, so
divide by two to find out how many mails have been attempted):

[cletus:~]$ awk '{print $1, $2}' < efltn.com | uniq -c
     14 Jun 30
     28 Jul 1
     24 Jul 2
     18 Jul 3
     12 Jul 4

My server is rejecting the messages:

Jul  4 05:11:34 cletus sendmail[6942]: h64FBXT06942: ruleset=check_mail, arg1=<bounce-MSG_12392151-8789870- at msg.efltn.com>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address bounce-MSG_12392151-8789870- at msg.efltn.com does not resolve

I'm also seeing only the two IPs as well.

-- 
Mark K. Pettit
mark at pettit.org
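
Added example (not part of the original post): one way to get the per-day tally above straight from the syslog, counting each rejected message once by its sendmail queue ID and splitting the count by relay IP. The function names, the sample log lines and their queue IDs are constructed for illustration; only the log format and the two relay IPs come from the post.

```shell
#!/bin/sh
# Constructed sample log: queue IDs and message numbers are made up.
sample_log() {
cat <<'EOF'
Jul  3 23:41:02 cletus sendmail[6101]: h63NAAA06101: ruleset=check_mail, arg1=<bounce-MSG_1-1-@msg.efltn.com>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address bounce-MSG_1-1-@msg.efltn.com does not resolve
Jul  3 23:41:02 cletus sendmail[6101]: h63NAAA06101: from=<bounce-MSG_1-1-@msg.efltn.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=efl2.efltn.com [207.134.106.109] (may be forged)
Jul  4 05:11:34 cletus sendmail[6942]: h64FBBB06942: ruleset=check_mail, arg1=<bounce-MSG_2-2-@msg.efltn.com>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address bounce-MSG_2-2-@msg.efltn.com does not resolve
Jul  4 05:11:34 cletus sendmail[6942]: h64FBBB06942: from=<bounce-MSG_2-2-@msg.efltn.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=efl2.efltn.com [207.134.106.109] (may be forged)
Jul  4 05:41:35 cletus sendmail[6950]: h64FCCC06950: ruleset=check_mail, arg1=<bounce-MSG_3-3-@msg.efltn.com>, relay=[207.134.106.110], reject=451 4.1.8 Domain of sender address bounce-MSG_3-3-@msg.efltn.com does not resolve
Jul  4 05:41:36 cletus sendmail[6951]: h64FDDD06951: ruleset=check_mail, arg1=<bounce-MSG_4-4-@msg.efltn.com>, relay=efl2.efltn.com [207.134.106.109] (may be forged), reject=451 4.1.8 Domain of sender address bounce-MSG_4-4-@msg.efltn.com does not resolve
Jul  4 06:02:10 cletus sendmail[6960]: h64FEEE06960: ruleset=check_mail, arg1=<user@example.org>, relay=[192.0.2.10], reject=451 4.1.8 Domain of sender address user@example.org does not resolve
EOF
}

# count_rejects DOMAIN   (hypothetical helper; reads syslog text on stdin)
# Prints "Mon DD relay-IP count", one line per day and relay.
count_rejects() {
    LC_ALL=C awk -v dom="$1" '
    # Only the check_mail rejection line is counted, so the second
    # line logged per message needs no divide-by-two afterwards.
    /ruleset=check_mail/ && /reject=/ && index($0, dom) {
        qid = $6; sub(/:$/, "", qid)          # sendmail queue ID
        ip = "unknown"
        # The bracketed address is what the server actually saw; the
        # hostname before it may be forged, as sendmail itself notes.
        if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
            r = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", r); sub(/\]$/, "", r); ip = r
        }
        key = $1 " " $2 " " ip
        # A queue ID is counted once even if its rejection is logged again.
        if (!((key, qid) in seen)) { seen[key, qid] = 1; n[key]++ }
    }
    END { for (k in n) print k, n[k] }
    ' | LC_ALL=C sort
}

sample_log | count_rejects efltn.com
```

On a real server the input would be the mail log itself, for example `count_rejects efltn.com < /var/log/maillog` (the log path is an assumption and varies by system).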


