North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: att.net email issues?

  • From: just me
  • Date: Fri Jan 24 18:30:39 2003

No kidding, dude. I've only been keeping track for a few weeks. Is
anyone awake behind the wheel over there?


[email protected]:~$ mysql -e 'select count(relayi) from logged where relayi
like "12.%" ' spam
+---------------+
| count(relayi) |
+---------------+
|           249 |
+---------------+


[email protected]:~$ mysql -e 'select relayi, reason, count(relayi) from
logged where relayi like "12.%" group by relayi' spam
+----------------+----------+---------------+
| relayi         | reason   | count(relayi) |
+----------------+----------+---------------+
| 12.102.22.196  | honey    |             1 |
| 12.129.205.43  | accessdb |             3 |
| 12.129.205.45  | accessdb |             2 |
| 12.129.205.46  | accessdb |             7 |
| 12.129.205.47  | norev    |             6 |
| 12.129.205.48  | norev    |             4 |
| 12.129.205.49  | norev    |             1 |
| 12.129.205.50  | accessdb |            15 |
| 12.129.205.51  | honey    |             4 |
| 12.129.205.52  | accessdb |             4 |
| 12.129.205.53  | accessdb |            20 |
| 12.129.205.54  | honey    |             1 |
| 12.129.205.56  | norev    |             2 |
| 12.129.205.57  | norev    |             3 |
| 12.129.205.58  | honey    |             1 |
| 12.129.205.59  | accessdb |             3 |
| 12.129.205.60  | accessdb |             2 |
| 12.129.205.64  | honey    |             2 |
| 12.129.205.65  | honey    |             1 |
| 12.129.205.66  | accessdb |             4 |
| 12.129.205.69  | honey    |             1 |
| 12.129.205.72  | accessdb |             5 |
| 12.129.205.73  | honey    |            16 |
| 12.129.205.74  | accessdb |             2 |
| 12.129.205.75  | honey    |             1 |
| 12.129.205.77  | norev    |             3 |
| 12.129.205.79  | accessdb |             3 |
| 12.129.205.80  | accessdb |             4 |
| 12.129.205.82  | accessdb |             3 |
| 12.129.248.238 | honey    |             2 |
| 12.149.217.151 | norev    |             1 |
| 12.158.240.216 | honey    |             2 |
| 12.158.240.217 | honey    |             2 |
| 12.158.240.218 | honey    |             1 |
| 12.158.240.220 | honey    |             1 |
| 12.158.240.221 | honey    |             8 |
| 12.158.240.229 | honey    |             3 |
| 12.158.240.230 | honey    |             4 |
| 12.158.240.235 | honey    |             5 |
| 12.158.240.239 | honey    |             6 |
| 12.158.240.240 | honey    |             8 |
| 12.158.240.243 | honey    |            22 |
| 12.158.240.244 | honey    |             6 |
| 12.158.240.245 | honey    |             1 |
| 12.158.240.246 | honey    |             1 |
| 12.158.240.247 | honey    |             2 |
| 12.158.240.248 | honey    |            12 |
| 12.158.240.249 | honey    |            12 |
| 12.158.240.250 | honey    |             6 |
| 12.159.132.222 | norev    |             1 |
| 12.212.72.51   | honey    |             2 |
| 12.213.23.167  | honey    |             1 |
| 12.216.30.71   | honey    |             1 |
| 12.220.84.48   | honey    |             1 |
| 12.224.62.72   | accessdb |             1 |
| 12.226.245.54  | honey    |             1 |
| 12.228.91.107  | honey    |             1 |
| 12.229.146.148 | honey    |             1 |
| 12.231.251.35  | honey    |             1 |
| 12.238.242.248 | honey    |             1 |
| 12.240.177.92  | honey    |             1 |
| 12.241.6.116   | norev    |             1 |
| 12.246.54.76   | accessdb |             1 |
| 12.246.80.126  | honey    |             1 |
| 12.252.68.65   | honey    |             1 |
| 12.30.168.18   | honey    |             1 |
| 12.33.19.133   | honey    |             1 |
| 12.41.24.90    | honey    |             1 |
+----------------+----------+---------------+


On Fri, 24 Jan 2003 [email protected] wrote:


  On 1/24/2003 at 2:40 AM, [email protected] wrote:


  > Chris at UUNet help determine this is a rDNS issue.  att.net seems to have
  > started rejecting email from mail servers that don't have a proper reverse
  > DNS entry.  This is a good thing, even though it is causing me some problems
  > at the moment.  Thanks Chris.

  > -Jim P.

  The question is: is that a knee-jerk reaction to them getting clobbered by
  spam, or maybe a knee-jerk reaction for receiving "too much" mail ABOUT
  their customers to [email protected] ?

  Example: 12.158.240.0/23, 12.42.172.0/22, 12.158.224.0/23, 12.158.234.0/23,
  12.158.236.0/23:

  Jan 24 16:11:03 sonet sendmail[11117]: NOQUEUE: ruleset=check_relay, arg1=if1.dlyforyourinfo.com, arg2=12.158.240.237, relay=if1.dlyforyourinfo.com [12.158.240.237], reject=550 NETBLOCK for CBB/cotennet.com - access for jpmailer.com denied - perpetual mail to non-existing users - Spammers must die.

  Upon complaint re: this spamhaus continuing to connect here:

  The original message was received at Fri, 24 Jan 2003 16:11:09 -0500 (EST)
  from [email protected]

     ----- The following addresses had permanent fatal errors -----
  [email protected]

     ----- Transcript of session follows -----
  ... while talking to gateway2.att.net.:
  <<< 550 208.241.101.2 must be verifiable in DNS
  ... while talking to gateway3.att.net.:
  >>> QUIT
  <<< 550 208.241.101.2 must be verifiable in DNS
  ... while talking to gateway1.att.net.:
  >>> QUIT
  <<< 550 208.241.101.2 must be verifiable in DNS
  554 [email protected] Service unavailable

  (a temporary failure due to renumbering)
  Rejecting on broken or non-existing DNS will probably reject mail from
  more than 15% of all mail servers on the Internet - guaranteeing a
  false positive rate not even matched by the combined 6 DNSBL's I
  use - cumulative and with hard 5xx rejects. AT&T on the other hand,
  will use DNSBL's when the first snowball emerges from hell unscathed.

  Makes you wonder if [email protected] is missing a lotta mail today -
  "gee, za eanternet w0rcks zplend1d todey, duznt eet!" -
  think of http://www.despair.com/ap24x30prin.html :)

  Last but not least, Level3's tolerance of spamming customers has nothing
  on AT&T's ignorance of reports of DoS attacks in the form of address forgery
  committed by their spamming customers, or on behalf of said customers, despite
  notifying them by fax of such activity. That, and the mindless blather
  you receive back from [email protected] on very rare occasions when you complain
  about their customers hitting your spamtraps (dead users, rejects):
  "please forward the header and full body of the spam you received".

  Next: "please call 1-900-ATT-ABUSEDESK, get charged $5 for the call,
  and use the authorization code given to you in the subject line of
  your complaint to guarantee that your message is not shoved into /dev/null"



[email protected]<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>