Duncan Hill writes:
For those who haven't seen this one yet, and want to add it to your
block lists...
The headers don't tell much at all..
Received: from 205.214.199.134 by bajan.pct.edu
(fetchmail-4.3.2 POP3 run by dhill) --
for <dhill(_at_)localhost> (single-drop); Fri Mar 20 09:00:02 1998
Received: from 153.34.231.28 [153.34.231.28] by mail.sunbeach.net
(SMTPD32-4.03) id A7939670100; Fri, 20 Mar 1998 07:48:35 -0400
From:
To:
Subject: 40 MILLION EMAIL ADDRESSES - SUPER LOW PRICE !!
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Date: Fri, 20 Mar 98 07:48:40 -0400
X-UIDL: 4185919065
153.34.231.28 refused to talk on 25, but the site listed further down
in the mail (207.93.198.154) does talk. If you go to the second
IP/webhost/ via web, you'll find out about a friendly spammer service.
153.34.231.28 is a .uu.net dialup.
Just in case people haven't seen this one and want to block it at the
router level or something.
You can safely block 153.3[4-7] and 208.25[2-5]. They're all uu.net dialups,
and they shouldn't be talking to you anyway. Done away nicely with
tcp_wrappers ;-)
Oh, here's the SMTP greeting.. wonder how long this guy will last..
webpages.linkus.com WindowsNT SMTP Server v3.03.0014/1.aic1/SP
One of these cute little SMTP servers described in sendmail FAQ 3.20 ...