Administrativia: Spam problem

Torbjorn Granlund tege@swox.com
30 Jan 2003 23:42:13 +0100

Previous message: News Alert
Next message: Administrativia: Spam problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I would like to apologize for the amount of spam that gets
though to this list.  We (actually our Linus) keep fighting
against it, with mail black lists and spamassasin.  But
while this stops the vast majority of the spam, some slips
though.

In the meantime, please remember to complain to ISPs.  If
you're under Unix, traceroute is your friend.

First dig out the machine that handed the message to any of
the Swox MX machines from the mail header.  (These are
b.swox.se, *.romab.com, or server.fatburen.org.)

Then, use the IP number (not the hostname which is usually
fake), and give that to traceroute.

Example:

The last artmarket spam had this header:

 Received: from b.swox.se (b.swox.se [212.247.3.182])
         by king.swox.se (Postfix) with ESMTP id 7652D491
         for <webmaster@swox.com>; Wed, 29 Jan 2003 22:26:39 +0100 (CET)
 Received: from localhost (localhost.swox.se [127.0.0.1])
         by b.swox.se (Postfix) with ESMTP id 487201FAC
         for <webmaster@swox.com>; Wed, 29 Jan 2003 22:26:39 +0100 (CET)
 Received: from b.swox.se ([212.247.3.182])
  by localhost (b.swox.se [127.0.0.1:10024]) (amavisd-new) with ESMTP
  id 03688-05 for <webmaster@swox.com>; Wed, 29 Jan 2003 22:26:34 +0100 (CET)
 Received: from rot13.romab.com (rot13.romab.com [194.52.231.20])
         by b.swox.se (Postfix) with ESMTP id 8E87F1FA4
         for <webmaster@swox.com>; Wed, 29 Jan 2003 22:26:33 +0100 (CET)
 Received: from mail1.artmarket.com (mail1.artmarket.com [194.242.43.184])
         by rot13.romab.com (Postfix) with ESMTP id A289617EE7
         for <webmaster@swox.com>; Wed, 29 Jan 2003 22:26:27 +0100 (MET)
 From: ArtMarketInsight.com <info@artmarket.com>
 To: <webmaster@swox.com>

Here, 194.242.43.184 handed the spam to our MX backup
rot13.romab.com.  traceroute 194.242.43.184 gives:

traceroute to 194.242.43.182 (194.242.43.182), 64 hops max, 44 byte packets
 1  ratata (10.0.0.1)  0.321 ms  0.360 ms  0.349 ms
 2  ext-router (212.247.3.190)  3.350 ms  2.884 ms  3.158 ms
 3  kst27.serial5-2c5.swip.net (130.244.6.105)  16.021 ms  15.834 ms  16.900 ms
 4  kst2-core.gigabiteth1-0.swip.net (130.244.198.194)  17.802 ms  16.253 ms  14.095 ms
 5  htg3-core.srp6-0.swip.net (130.244.198.19)  18.030 ms  16.053 ms  14.394 ms
 6  dgix-srp8-0-bod.stk.router.colt.net (194.68.132.104)  20.463 ms  37.902 ms  24.458 ms
 7  pos9-0-asterix.PAR.router.COLT.NET (212.74.67.213)  66.199 ms  267.863 ms  62.695 ms
 8  bbr2-cha-PO-3-0.FR.COLT.NET (212.74.67.22)  66.074 ms  64.136 ms  62.878 ms
 9  gi4-2.bbr1-cha.fr.colt.net (62.23.251.182)  72.974 ms  62.603 ms  64.553 ms
10  po4-0.bbr1-wat.fr.colt.net (62.23.251.189)  77.491 ms  64.337 ms  62.881 ms
11  fa0-0.bbr-pop2-wat.fr.colt.net (195.68.85.226)  66.502 ms  64.801 ms  63.103 ms
12  bbr2-lyo.pos3-0.fr.colt.net (62.23.115.114)  79.242 ms  77.290 ms  76.142 ms
13  LL-1-lyo.fe1-0.fr.colt.net (213.41.24.98)  79.870 ms  77.560 ms  76.731 ms
14  host.102.86.23.62.rev.coltfrance.com (62.23.86.102)  87.757 ms  83.093 ms  88.924 ms
15  * * *
16  * * *

This shows that coltfrance.com, or fr.colt.net. is
responsible for helping this spammer.  Complain to them!

-- 
Torbjörn

Previous message: News Alert
Next message: Administrativia: Spam problem
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]