[luau] efltn.com?
MonMotha
monmotha at indy.rr.com
Fri Jul 4 10:09:00 PDT 2003
Vince Hoang wrote:
> Can the folks running a mailserver scan their logs for efltn.com?
>
> Since 2003/06/30, 207.134.106.109 and 207.134.106.110 have been
> attempting to deliver mail from that domain every half hour with
> what appears to be some kind of direct-to-MX spamming software.
> The IPs I listed are not even running a listening mail server.
>
> DNS is not resolving properly, but if you run a whois on that
> domain, you will see that the registrant is Honolulu based.
>
> -Vince
For all it's worth, probably unrelated, but I recently got a targeted (though
poorly, since I'm in in Hawaii :) spam that was actually sent from a
hawaii.rr.com IP apparently (unless that part of the header was forged and they
connected directly to my local ISP's mail server, unlikely but possible).
Relevant headers:
Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
    by ms-mss-03.columbus.rr.com
    (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
    with ESMTP id <0HHD003VXL9Q32 at ms-mss-03.columbus.rr.com> for
    monmotha%indy.rr.com at ims-ms-daemon; Tue, 01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
    by ms-mta-02.columbus.rr.com
    (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
    with ESMTP id <0HHD00ES7L9PO5 at ms-mta-02.columbus.rr.com> for
    monmotha at indy.rr.com (ORCPT monmotha at indy.rr.com); Tue,
    01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ecouponsHawaii59.com
    (cpe-66-8-200-254.hawaii.rr.com [66.8.200.254])
    by ncmx01.mgw.rr.com (8.12.8p1/8.12.8) with SMTP id h622MmtU013371 for
    <monmotha at indy.rr.com>; Tue, 01 Jul 2003 22:22:53 -0400 (EDT)
It actually appears to have come from a valid hawaii.rr.com cable modem, and
have gone through hawaii.rr.com's SMTP relay. If this is the case, please do go
after them as I should hope roadrunner prohibits spamming (they do in indy.rr.com!).
--MonMotha
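
An added example, not part of the original post: a short Python sketch that walks the Received chain quoted above and reports the point where the message entered the recipient's provider, which is the only hop whose recorded peer IP can be relied on. The function names are hypothetical, the headers are abridged from the post, and treating every `.rr.com` host as trusted is an assumption.

```python
import ipaddress
import re

# Received headers abridged from the post (ids and banners cut), newest first.
HEADERS = """\
Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
 by ms-mss-03.columbus.rr.com with ESMTP; Tue, 01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
 by ms-mta-02.columbus.rr.com with ESMTP; Tue, 01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ecouponsHawaii59.com
 (cpe-66-8-200-254.hawaii.rr.com [66.8.200.254])
 by ncmx01.mgw.rr.com (8.12.8p1/8.12.8) with SMTP id h622MmtU013371;
 Tue, 01 Jul 2003 22:22:53 -0400 (EDT)
"""

# "from <HELO name> (<reverse DNS> [<peer IP>]) by <recording server>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+"
                 r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Unfold continuation lines and return one dict per Received header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    hops = []
    for line in unfolded.splitlines():
        m = HOP.search(line) if line.lower().startswith("received:") else None
        if m:
            hops.append(m.groupdict())
    return hops

def handoff(hops, trusted_suffix):
    """Oldest hop written by a trusted server, walking newest to oldest.
    Only that server's record of the peer IP and reverse DNS is reliable;
    the HELO name and every header below it are sender-supplied."""
    trusted = None
    for hop in hops:
        if not hop["by"].lower().endswith(trusted_suffix):
            break
        trusted = hop
    return trusted

def summarize(raw, trusted_suffix=".rr.com"):  # assumption: rr.com hosts are ours
    hop = handoff(parse_hops(raw), trusted_suffix)
    if hop is None:
        return None
    ip = ipaddress.ip_address(hop["ip"])
    return {"client_ip": str(ip), "rdns": hop["rdns"], "helo": hop["helo"],
            "private": ip.is_private,
            "helo_matches_rdns": hop["helo"].lower() == hop["rdns"].lower()}

print(summarize(HEADERS))
```

Suffix matching on the `by` host is the weak point of this sketch, since an injected header can name any host; an exact list of your own relay hostnames is the safer input.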