North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: att.net email issues?
No kidding, dude. I've only been keeping track for a few weeks. Is anyone awake behind the wheel over there? [email protected]:~$ mysql -e 'select count(relayi) from logged where relayi like "12.%" ' spam +---------------+ | count(relayi) | +---------------+ | 249 | +---------------+ [email protected]:~$ mysql -e 'select relayi, reason, count(relayi) from logged where relayi like "12.%" group by relayi' spam +----------------+----------+---------------+ | relayi | reason | count(relayi) | +----------------+----------+---------------+ | 12.102.22.196 | honey | 1 | | 12.129.205.43 | accessdb | 3 | | 12.129.205.45 | accessdb | 2 | | 12.129.205.46 | accessdb | 7 | | 12.129.205.47 | norev | 6 | | 12.129.205.48 | norev | 4 | | 12.129.205.49 | norev | 1 | | 12.129.205.50 | accessdb | 15 | | 12.129.205.51 | honey | 4 | | 12.129.205.52 | accessdb | 4 | | 12.129.205.53 | accessdb | 20 | | 12.129.205.54 | honey | 1 | | 12.129.205.56 | norev | 2 | | 12.129.205.57 | norev | 3 | | 12.129.205.58 | honey | 1 | | 12.129.205.59 | accessdb | 3 | | 12.129.205.60 | accessdb | 2 | | 12.129.205.64 | honey | 2 | | 12.129.205.65 | honey | 1 | | 12.129.205.66 | accessdb | 4 | | 12.129.205.69 | honey | 1 | | 12.129.205.72 | accessdb | 5 | | 12.129.205.73 | honey | 16 | | 12.129.205.74 | accessdb | 2 | | 12.129.205.75 | honey | 1 | | 12.129.205.77 | norev | 3 | | 12.129.205.79 | accessdb | 3 | | 12.129.205.80 | accessdb | 4 | | 12.129.205.82 | accessdb | 3 | | 12.129.248.238 | honey | 2 | | 12.149.217.151 | norev | 1 | | 12.158.240.216 | honey | 2 | | 12.158.240.217 | honey | 2 | | 12.158.240.218 | honey | 1 | | 12.158.240.220 | honey | 1 | | 12.158.240.221 | honey | 8 | | 12.158.240.229 | honey | 3 | | 12.158.240.230 | honey | 4 | | 12.158.240.235 | honey | 5 | | 12.158.240.239 | honey | 6 | | 12.158.240.240 | honey | 8 | | 12.158.240.243 | honey | 22 | | 12.158.240.244 | honey | 6 | | 12.158.240.245 | honey | 1 | | 12.158.240.246 | honey | 1 | | 12.158.240.247 | honey | 2 | | 12.158.240.248 | honey | 12 | | 12.158.240.249 | honey | 12 | | 12.158.240.250 | honey | 6 | | 12.159.132.222 | norev | 1 | | 12.212.72.51 | honey | 2 | | 12.213.23.167 | honey | 1 | | 12.216.30.71 | honey | 1 | | 12.220.84.48 | honey | 1 | | 12.224.62.72 | accessdb | 1 | | 12.226.245.54 | honey | 1 | | 12.228.91.107 | honey | 1 | | 12.229.146.148 | honey | 1 | | 12.231.251.35 | honey | 1 | | 12.238.242.248 | honey | 1 | | 12.240.177.92 | honey | 1 | | 12.241.6.116 | norev | 1 | | 12.246.54.76 | accessdb | 1 | | 12.246.80.126 | honey | 1 | | 12.252.68.65 | honey | 1 | | 12.30.168.18 | honey | 1 | | 12.33.19.133 | honey | 1 | | 12.41.24.90 | honey | 1 | +----------------+----------+---------------+ On Fri, 24 Jan 2003 [email protected] wrote: On 1/24/2003 at 2:40 AM, [email protected] wrote: > Chris at UUNet help determine this is a rDNS issue. att.net seems to have > started rejecting email from mail servers that don't have a proper reverse > DNS entry. This is a good thing, even though it is causing me some problems > at the moment. Thanks Chris. > -Jim P. The question is: is that a knee-jerk reaction to them getting clobbered by spam, or maybe a knee-jerk reaction for receiving "too much" mail ABOUT their customers to [email protected] ? Example: 12.158.240.0/23, 12.42.172.0/22, 12.158.224.0/23, 12.158.234.0/23, 12.158.236.0/23: Jan 24 16:11:03 sonet sendmail[11117]: NOQUEUE: ruleset=check_relay, arg1=if1.dlyforyourinfo.com, arg2=12.158.240.237, relay=if1.dlyforyourinfo.com [12.158.240.237], reject=550 NETBLOCK for CBB/cotennet.com - access for jpmailer.com denied - perpetual mail to non-existing users - Spammers must die. Upon complaint re: this spamhaus continuing to connect here: The original message was received at Fri, 24 Jan 2003 16:11:09 -0500 (EST) from [email protected] ----- The following addresses had permanent fatal errors ----- [email protected] ----- Transcript of session follows ----- ... while talking to gateway2.att.net.: <<< 550 208.241.101.2 must be verifiable in DNS ... while talking to gateway3.att.net.: >>> QUIT <<< 550 208.241.101.2 must be verifiable in DNS ... while talking to gateway1.att.net.: >>> QUIT <<< 550 208.241.101.2 must be verifiable in DNS 554 [email protected] Service unavailable (a temporary failure due to renumbering) Rejecting on broken or non-existing DNS will probably reject mail from more than 15% of all mail servers on the Internet - guaranteeing a false positive rate not even matched by the combined 6 DNSBL's I use - cumulative and with hard 5xx rejects. AT&T on the other hand, will use DNSBL's when the first snowball emerges from hell unscathed. Makes you wonder if [email protected] is missing a lotta mail today - "gee, za eanternet w0rcks zplend1d todey, duznt eet!" - think of http://www.despair.com/ap24x30prin.html :) Last but not least, Level3's tolerance of spamming customers has nothing on AT&T's ignorance of reports of DoS attacks in the form of address forgery committed by their spamming customers, or on behalf of said customers, despite notifying them by fax of such activity. That, and the mindless blather you receive back from [email protected] on very rare occasions when you complain about their customers hitting your spamtraps (dead users, rejects): "please forward the header and full body of the spam you received". Next: "please call 1-900-ATT-ABUSEDESK, get charged $5 for the call, and use the authorization code given to you in the subject line of your complaint to guarantee that your message is not shoved into /dev/null" [email protected]<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
|