[luau] efltn.com?

[MonMotha]

Vince Hoang wrote:
> Can the folks running a mailserver scan their logs for efltn.com?
> 
> Since 2003/06/30, 207.134.106.109 and 207.134.106.110 has been
> attempting to deliver mail from that domain every half hour with
> with appears to be some kind of direct-to-MX spamming software.
> The IPs I listed are not even running a listening mail server.
> 
> DNS is not resolving properly, but if you run a whois on that
> domain, you will see that the registrant is Honolulu based.
> 
> -Vince


For all it's worth, probably unrelated, but I recently got a targeted (though 
poorly, since I'm in in Hawaii :) spam that was actually sent from a 
hawaii.rr.com IP apparently (unless that part of the header was forged and they 
conncected directly to my local ISPs mail server, unlikely but possible).

Relevant headers:

Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
  by ms-mss-03.columbus.rr.com
  (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
  with ESMTP id <0HHD003VXL9Q32 at ms-mss-03.columbus.rr.com> for
  monmotha%indy.rr.com at ims-ms-daemon; Tue, 01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
  by ms-mta-02.columbus.rr.com
  (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
  with ESMTP id <0HHD00ES7L9PO5 at ms-mta-02.columbus.rr.com> for
  monmotha at indy.rr.com (ORCPT monmotha at indy.rr.com); Tue,
  01 Jul 2003 22:22:38 -0400 (EDT)
Received: from ecouponsHawaii59.com
  (cpe-66-8-200-254.hawaii.rr.com [66.8.200.254])
	by ncmx01.mgw.rr.com (8.12.8p1/8.12.8) with SMTP id h622MmtU013371 for
  <monmotha at indy.rr.com>; Tue, 01 Jul 2003 22:22:53 -0400 (EDT)

It actaully appears to have from from a valid hawaii.rr.com cable modem, and 
have gone through hawaii.rr.com's SMTP relay.  If this is the case, please do go 
after them as I shoudl hope roadrunner prohibits spamming (they do in indy.rr.com!).

--MonMotha