procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: helo=<IP> detection

2006-11-22 18:49:59
from [Google Kreme] [Permanent Link] 
On 22-Nov-2006, at 11:30, Michelle Konzack wrote:

Am 2006-11-19 13:18:08, schrieb Google Kreme:

On 18-Nov-2006, at 09:37, Michelle Konzack wrote:

all received spams has exactly this "(helo=[12.34.56.78])"  
construct.


Wait.  Are you using the valid IP address 12.34.56.78 as a poorly
chosen placeholder, or do you really mean it's from AT&T Worldnet?


I get severasl 1000' per day from this network!


So, you mean 12.34.56.0-12.34.56.255?

Because AT&T Worldnet controls the entire Class A  
(12.0.0.0-12.255.255.255):


Do you have tried an Reverse-Lookup on the IP?
This is definitivly NO legal SMTP-Relay.


AT&T WorldNet Services ATT (NET-12-0-0-0-1)
                                   12.0.0.0 - 12.255.255.255
COMPUTER PROGRAMS SYSTEMS, INC. COMPUTER85-56-64 (NET-12-34-56-64-1)
                                   12.34.56.64 - 12.34.56.79

And 12.34.56.78 is subleased out to CPS, which may or may not be the  
same as www.cpsinet.com.


12.34.56.789 would be a much better placeholder, as it is an
impossible IP.


Right but it can not be since [A.B.C.D] is taken from the sending IP


You are misunderstanding me.

12.34.56.78 is a REAL IP ADDRESS.  It belongs to someone (or some  
machine in AT&T Worldnet).  Using it as an EXAMPLE is a poor choice,  
much like using 'mydomain.com' which is also a real domain, with real  
users, and not yours.  If that is what you are doing (ie, filling in  
some numbers to LOOK like an IP address), then use an impossible IP  
instead in your examples.

For the record:

12.34.56.78 is not listed in the SBL
12.34.56.78 is not listed in the XBL

-- 
The Monks of Cool, whose tiny and exclusive monastery is hidden in a  
really cool and laid-back valley in the lower Ramtops, have a passing- 
out test for a novice. He is taken into a room full of all types of  
clothing and asked: Yo, my son, which of these is the most stylish  
thing to wear? And the correct answer is: Hey, whatever I select.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: helo=<IP> detection, Michelle Konzack
Next by Date:  Re: helo=<IP> detection, Ruud H.G. van Tol
Previous by Thread:  Re: helo=<IP> detection, Michelle Konzack
Next by Thread:  Re: helo=<IP> detection, Ruud H.G. van Tol
Indexes:  [Date] [Thread] [Top] [All Lists]