Op Mon, 25 Feb 2008 17:36:56 +0100 schreef Clever Monkey
<spamtrap@clevermonkey.org.INVALID>:
> Boudewijn Dijkstra wrote:
>> Op Fri, 22 Feb 2008 17:54:50 +0100 schreef Clever Monkey
>> <spamtrap@clevermonkey.org.INVALID>:
>>> I noticed today that there was a significant amount of SMTP traffic to
>>> my little box. When I looked at /var/log/daemon they had all rolled
>>> over in less than 4-5 hours. Most of the entries were spamd reports,
>>> all from the same netblocks.
>>>
>>> When I query spamdb I see something like 350,000 greylisted entries to
>>> hosts within the following netblocks:
>>>
>>> 205.209.128.0/18
>>> 208.77.40.0/21
>>>
>>> [...]
>>>
>>> I blacklisted these netblocks (quite frankly, I don't care if there is
>>> a legit message being passed from an IP in this range)
>> Are you sure? Both blocks are registered with companies just 55 miles
>> from your location.
>>
> I'm pretty sure I'm not in or near Fremont, California, so I'm not sure
> what you mean. GeoIP stuff is chancy, at best; those "girls in your
> area looking for dates" web ads on some sites guess close, but not
> quite, when I surf from home. Those ads agree with me about not
> appearing to originate from anywhere near California.

Woops.

> Perhaps you are mistaking a two-letter ISO code for a two-letter state
> abbreviation, both of which get used in whois records?

Yep, that's it. Extra-confusing for outsiders is the shared telephone
country code.

> This pointless spam flood has stopped for now. I was more puzzled than
> worried, as I don't see what such activity can possibly gain anyone.

You probably won't get a satisfactory answer even from the purpetrators.



--
Gemaakt met Opera's revolutionaire e-mailprogramma:
http://www.opera.com/mail/