[SLUG] RBL block of a durocom mailserver Re: Forward of the returned mail you were interested in.

From: R P Herrold (herrold@owlriver.com)
Date: Mon Sep 10 2001 - 21:20:51 EDT


This may be of interest to the list ... Durocom assumed mail
responsibilities for Smitty's former ISP MPI-Net ...

Looks as though Smitty's new ISP has an open relay ...
216.53.195.243

He was a bit unclear on how to analyze the matter -- the
bounce notice to his ISP, which had been stripped off the
Reject message, which said:

      5.3.0 Rejected - see http://www.orbz.org/

... which would have given him a steer to tracking it down.
The ISP also would have notice in its mailhandler log with the
same content ...

There is a general discussion at: http://www.orbz.org/

And the details as to the passing of relay spam at:
   http://www.orbz.org/b.php?216.53.195.243

The Durocom customer, jpmicro.com ([206.105.32.102]), caused
it to be listed most recently ... probably running an open
relay.

206.105.32.102 looks to be an unsecured NT:

 Trying 206.105.32.102...
Connected to 206.105.32.102.
Escape character is '^]'.
220 X1 NT-ESMTP Server mail.jpmicro.com (IMail 6.05 30342-1)
quit
221 Goodbye
Connection closed by foreign host.

----------------------------------------------

I think the ORBZ pages are well written -- and this RBL has
made an ENORMOUS difference in the quantity of spam being
received by me -- about 1 in 7 pieces, based on a sample of
10,000 pieces.

Wow!

-- Russ

Detailed analysis:
=========================================================

[herrold@swampfox log]$ rblcheck 216.53.195.243
not RBL filtered by rbl.maps.vix.com
not RBL filtered by relays.orbs.org
not RBL filtered by inputs.orbz.org
not RBL filtered by or.orbl.org
RBL filtered by outputs.orbz.org
not RBL filtered by orbs.dorkslayers.com
not RBL filtered by relays.ordb.org
not RBL filtered by relays.osirusoft.com
[herrold@swampfox log]$

RBLCheck is available at Sourceforge, and I maintain an
updated version with the eight listed RBLs coded into the
diffs at:

   ftp://ftp.owlriver.com/pub/local/ORC/rblcheck/

I checked my mail logs for Smitty's last hop mail handler at:

[herrold@swampfox ~]$ cd /var/log
[herrold@swampfox log]$ sudo zgrep durocom.com maillog.1.gz

Sep 3 17:22:50 swampfox sendmail[2648]: f83LMmp02648:
ruleset=check_relay, arg1=fl-mta02.durocom.com,
arg2=216.53.195.243, relay=fl-mta02.durocom.com
[216.53.195.243], reject=553 5.3.0 Rejected - see
http://www.orbz.org/

Sep 3 17:22:51 swampfox sendmail[2648]: NOQUEUE:
fl-mta02.durocom.com [216.53.195.243] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA

Sep 3 17:31:09 swampfox sendmail[7160]: f83LV7p07160:
ruleset=check_relay, arg1=fl-mta01.durocom.com,
arg2=216.53.195.242, relay=fl-mta01.durocom.com
[216.53.195.242], reject=553 5.3.0 Rejected - see
http://www.orbz.org/

Sep 3 17:31:10 swampfox sendmail[7160]: NOQUEUE:
fl-mta01.durocom.com [216.53.195.242] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA

On Mon, 10 Sep 2001 libertarian@iclinux.com wrote:

> Russ,

> Here's the bounced email in question. Actually, I sent it
> three times and it bounced each time. I don't know enough
> to diagnose the difficulty. Over to you.

> Smitty
>
> At Mon, 10 Sep 2001 20:37:34 -0400 , wrote:
>
> >
> >
> >---------- Forwarded Message ----------
> >Return-Path: <>
> >To: 76543a@mpinet.net
> >From: Mail Administrator <Postmaster@durocom.com>
> >Reply-To: Mail Administrator <Postmaster@durocom.com>
> >Subject: Mail System Error - Returned Mail
> >Date: Mon, 3 Sep 2001 17:22:51 -0400
> >Message-ID: <20010903212251.HBPS24241.fl-mta02@fl-mta02.durocom.com>
> >MIME-Version: 1.0
> >Content-Type: multipart/report;
> > report-type=delivery-status;
> > Boundary="===========================_ _= 6949157(24241)999552171"
> >Content-Transfer-Encoding: 7BIT
> >Status: RO
> >X-Status: F
> >
> >
> >--===========================_ _= 6949157(24241)999552171
> >Content-Type: text/plain
> >
> >This Message was undeliverable due to the following reason:
> >
> >Your message was not delivered because the return address was refused.
> >
> >The return address was '<76543a@mpinet.net>'
> >
> >Please reply to Postmaster@durocom.com
> >if you feel this message to be in error.
> >
> >--===========================_ _= 6949157(24241)999552171
> >Content-Type: message/delivery-status
> >
> >Reporting-MTA: dns; fl-mta02.durocom.com
> >Arrival-Date: Mon, 3 Sep 2001 17:22:43 -0400
> >Received-From-MTA: dns; linux (216.53.218.88)
> >
> >Final-Recipient: RFC822; <herrold@owlriver.com>
> >Action: failed
> >Status: 5.1.3
> >Remote-MTA: dns; mail.owlriver.com (206.21.107.147)
> >Diagnostic-Code: smtp; 553 5.3.0 Rejected - see http://www.orbz.org/
> >
> >--===========================_ _= 6949157(24241)999552171
> >Content-Type: message/rfc822
> >
> >Received: from linux ([216.53.218.88]) by fl-mta02.durocom.com with SMTP
> > id <20010903212242.HBOQ24241.fl-mta02@linux>
> > for <herrold@owlriver.com>; Mon, 3 Sep 2001 17:22:42 -0400
> >Content-Type: text/plain;
> > charset="iso-8859-1"
> >From: Smitty <76543a@mpinet.net>
> >Reply-To: 76543a@mpinet.net
> >Organization: Destroy All Spammers
> >To: herrold@owlriver.com
> >Subject: Request your opinion
> >Date: Mon, 3 Sep 2001 17:13:57 -0400
> >X-Mailer: KMail [version 1.2]
> >MIME-Version: 1.0
> >Message-Id: <01090317135701.00686@linux>
> >Content-Transfer-Encoding: 8bit
> >

<private content elided ...>

> >
> >--===========================_ _= 6949157(24241)999552171--
> >
> >
> >This Message was undeliverable due to the following reason:
> >
> >Your message was not delivered because the return address was refused.
> >
> >The return address was '<76543a@mpinet.net>'
> >
> >Please reply to Postmaster@durocom.com
> >if you feel this message to be in error.
> >
> >-------------------------------------------------------
> >
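An added example, not from the post or from the rblcheck tool, that works through the two checks above in Python: building the reversed-octet DNSBL query name that a tool like rblcheck sends to each of the eight zones, and pulling the relaying host, IP and reject code out of sendmail check_relay maillog entries so they can be re-checked against those zones. The DNS answers and the single-line log samples are constructed from the values in the post (a real lookup would go to a resolver), and the function names are this example's own.

```python
import ipaddress
import re

# The eight zones the rblcheck run above queried (names only; most are long defunct).
RBL_ZONES = [
    "rbl.maps.vix.com", "relays.orbs.org", "inputs.orbz.org", "or.orbl.org",
    "outputs.orbz.org", "orbs.dorkslayers.com", "relays.ordb.org", "relays.osirusoft.com",
]

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 216.53.195.243 in
    outputs.orbz.org is looked up as 243.195.53.216.outputs.orbz.org."""
    ipaddress.IPv4Address(ip)  # raises ValueError on anything that is not a dotted quad
    return ".".join(reversed(ip.split("."))) + "." + zone

def rbl_check(ip, zones, resolve):
    """Zones that list ip. resolve(name) stands in for a DNS A lookup: a 127.0.0.x
    answer means listed, None means NXDOMAIN (not listed)."""
    return [z for z in zones if (resolve(dnsbl_query_name(ip, z)) or "").startswith("127.")]

# Constructed stand-in for DNS: only the outputs.orbz.org entry answers, as in the post.
DEMO_ANSWERS = {"243.195.53.216.outputs.orbz.org": "127.0.0.2"}

# A sendmail check_relay rejection as it sits on one maillog line (the post wraps it).
CHECK_RELAY_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): ruleset=check_relay, arg1=(?P<host>\S+), "
    r"arg2=(?P<ip>[\d.]+), relay=\S+ \[(?P<relay_ip>[\d.]+)\], "
    r"reject=(?P<code>\d{3} \d\.\d\.\d) (?P<text>.*)$"
)

# Constructed sample: the post's three log entries, each re-joined onto a single line.
SAMPLE_MAILLOG = [
    "Sep 3 17:22:50 swampfox sendmail[2648]: f83LMmp02648: ruleset=check_relay, "
    "arg1=fl-mta02.durocom.com, arg2=216.53.195.243, relay=fl-mta02.durocom.com "
    "[216.53.195.243], reject=553 5.3.0 Rejected - see http://www.orbz.org/",
    "Sep 3 17:22:51 swampfox sendmail[2648]: NOQUEUE: fl-mta02.durocom.com "
    "[216.53.195.243] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Sep 3 17:31:09 swampfox sendmail[7160]: f83LV7p07160: ruleset=check_relay, "
    "arg1=fl-mta01.durocom.com, arg2=216.53.195.242, relay=fl-mta01.durocom.com "
    "[216.53.195.242], reject=553 5.3.0 Rejected - see http://www.orbz.org/",
]

def parse_check_relay_rejects(lines):
    """Relaying host, its IP and the reject code for every check_relay rejection."""
    return [m.groupdict() for m in map(CHECK_RELAY_RE.search, lines) if m]

def triage(lines, zones, resolve):
    """Map each rejected relay IP to the zones that currently list it."""
    return {r["ip"]: rbl_check(r["ip"], zones, resolve) for r in parse_check_relay_rejects(lines)}
```

Swap `DEMO_ANSWERS.get` for a function that does a real A-record lookup to run the same triage against live zones; the NOQUEUE lines are deliberately ignored since they carry no reject code.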



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:04:20 EDT