Re: Huge amount of spam from two netblocks

Boudewijn Dijkstra wrote:
> On Fri, 22 Feb 2008 17:54:50 +0100, Clever Monkey
> <spamtrap@clevermonkey.org.INVALID> wrote:
>> I noticed today that there was a significant amount of SMTP traffic to
>> my little box. When I looked at /var/log/daemon they had all rolled
>> over in less than 4-5 hours. Most of the entries were spamd reports,
>> all from the same netblocks.
>>
>> When I query spamdb I see something like 350,000 greylisted entries to
>> hosts within the following netblocks:
>>
>> 205.209.128.0/18
>> 208.77.40.0/21
>>
>> [...]
>>
>> I blacklisted these netblocks (quite frankly, I don't care if there is
>> a legit message being passed from an IP in this range)
>
> Are you sure? Both blocks are registered with companies just 55 miles
> from your location.
>
I'm pretty sure I'm not in or near Fremont, California, so I'm not sure
what you mean. GeoIP stuff is chancy, at best; those "girls in your
area looking for dates" web ads on some sites guess close, but not
quite, when I surf from home. Those ads agree with me about not
appearing to originate from anywhere near California.

Perhaps you are mistaking a two-letter ISO code for a two-letter state
abbreviation, both of which get used in whois records?

This pointless spam flood has stopped for now. I was more puzzled than
worried, as I don't see what such activity can possibly gain anyone.
--
clvrmnky <mailto:spamtrap@clevermonkey.org>
Direct replies to this address will be blacklisted. Replace "spamtrap"
with my name to contact me directly.