|
Home > Archive > Email Abuse and Spam > February 2004 > spam relay test
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| browolf 2004-02-28, 10:35 am |
| just picked up this single spam relay test from www.inion.ru
(194.67.188.12) on my honeypot
HELO x.x.x.x
MAIL FROM:<smtp2001soho@yahoo.com>
RCPT TO:<mailtest3@netmasters.ru>
DATA
Subject: 7534df112cn206:x.x.x.x<194.67.188>
the first abuse msg i sent to an address on whois was refused with
"Remote host said: 554 5.7.1 Message cannot be accepted, content
filter
rejection Reject Novarg"
so i've just forwarded it to abuse@inion.ru
are there any places like anti-spam ppl i should also report it to?
regards
Andy
| |
| Anri Erinin 2004-02-28, 12:34 pm |
| browolf wrote:
> just picked up this single spam relay test from www.inion.ru
> (194.67.188.12) on my honeypot
>
> HELO x.x.x.x
> MAIL FROM:<smtp2001soho@yahoo.com>
> RCPT TO:<mailtest3@netmasters.ru>
> DATA
> Subject: 7534df112cn206:x.x.x.x<194.67.188>
>
> the first abuse msg i sent to an address on whois was refused with
> "Remote host said: 554 5.7.1 Message cannot be accepted, content
> filter
> rejection Reject Novarg"
hm. spam from/for netmasters.ru (194.67.188.3):
http://www.google.com/groups?selm=3...00%40rambler.ru
fresh one here:
http://www.cyberpolice.ru/f/read.php?f=2&i=91&t=91
in both cases it looks like proxy-smarthost spam.
more relaytests:
http://www.google.com/groups?as_ugr..._q=smtp2001soho
etc.netmasters.ru is 194.67.188.3
publ.inion.ru (194.67.188.14) is a redirector to netmasters.ru
etc.inion.ru is 194.67.188.10 and is identical with netmasters.ru
> so i've just forwarded it to abuse@inion.ru
>
> are there any places like anti-spam ppl i should also report it to?
inion.ru, netmasters.ru and 194.67.188.0/24 are under control of the
same person: Andy (Andrey) Rodionov, andyr@inion.ru
Sooo... abuse@ rmt.ru (don't hold your breath)
P.S. Could you please send the evidence for the test to the 'from' address?
--
Yes, I do have a spellchequer
| |
| Sþer®Ð 2004-02-28, 12:35 pm |
|
"browolf" <brother_wolf2@yahoo.com> schreef in bericht
news:b2cb3134.0402280715.1d554748@posting.google.com...
> just picked up this single spam relay test from www.inion.ru
> (194.67.188.12) on my honeypot
>
> HELO x.x.x.x
> MAIL FROM:<smtp2001soho@yahoo.com>
> RCPT TO:<mailtest3@netmasters.ru>
> DATA
> Subject: 7534df112cn206:x.x.x.x<194.67.188>
>
> the first abuse msg i sent to an address on whois was refused with
> "Remote host said: 554 5.7.1 Message cannot be accepted, content
> filter
> rejection Reject Novarg"
>
> so i've just forwarded it to abuse@inion.ru
>
> are there any places like anti-spam ppl i should also report it to?
>
>
> regards
>
> Andy
Same here!
Feb 28 07:46:36 www sendmail[29934]: i1S6kZPh029934: ruleset=check_rcpt,
arg1=<mailtest5@netmasters.ru>, relay=[194.67.188.45], reject=550 5.7.1
<mailtest5@netmasters.ru>... Relaying denied. IP name lookup failed
194.67.188.45]
Feb 28 07:46:36 www sendmail[29934]: i1S6kZPh029934:
from=<smtp2001soho@yahoo.com>, size=0, class=0, nrcpts=0, proto=SMTP,
daemon=MTA, relay=[194.67.188.45]
| |
|
| brother_wolf2@yahoo.com (browolf) wrote in
news:b2cb3134.0402280715.1d554748@posting.google.com:
> just picked up this single spam relay test from www.inion.ru
> (194.67.188.12) on my honeypot
>
> HELO x.x.x.x
> MAIL FROM:<smtp2001soho@yahoo.com>
> RCPT TO:<mailtest3@netmasters.ru>
> DATA
> Subject: 7534df112cn206:x.x.x.x<194.67.188>
>
> the first abuse msg i sent to an address on whois was refused with
> "Remote host said: 554 5.7.1 Message cannot be accepted, content
> filter
> rejection Reject Novarg"
>
> so i've just forwarded it to abuse@inion.ru
>
> are there any places like anti-spam ppl i should also report it to?
>
>
> regards
>
> Andy
Use caution, spammers will often show your IP address and also encrypt it
into their test message, sometimes in several ways.
Your reports can serve to 'out' your honeypot unless you are careful.
I have, at times, decoded their encrypted string and munged my honeypot's
address, then recrypted the munged string. If my report went to the
spammer, it may have 'given him pause'.
--
bz
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.
bz+nanae@ch100-5.chem.lsu.edu
|
|
|
|
|