Re: Single IP spammed involves whole AS ?
- Date: Tue, 11 Jul 2000 09:23:21 +0200
On Mon, Jul 10, 2000 at 06:51:32PM +0200, Valerio Natale wrote:
> I'm new to this working group, therefore please excuse my silly question and
> forgive me if it's a repost.
> One of our customers's mail server (using obviously one of our IPs) was
> caught to have open relay that has transmitted spam to different users.
> We threatened him to stop this immediately but - meantime - my questions are
> these:
>
> 1)Does the single IP involves being listed in a "black list" as entire AS
> (it does not seem so, at least in the webstite that notified about this:
> http://www.mail-abuse.org/cgi-bin/nph-rss ) ?
No, only single IP numbers are being blacklisted, not entire ASes. However,
if one of your customers has an open relay, you have to be careful that
this customer doesn't use one of your central SMTP boxes as a smarthost.
If they do, then the "output IP" of the open relay would be your central
SMTP box, and you might end up in ORBS or even the RBL.
> 2)Do you have a list of sites that have black lists over this matter ?
Yes, on http://www.iki.fi/era/rbl/rbl.html
Of these, ORBS (www.orbs.org) and RSS (www.mail-abuse.org/rss) are the
most well-known open-relay blacklists.
--
#!perl -pl # This kenny-filter is virus-free as long as you don't copy it
$p=3-2*/[a-eg-lnoq-z]/i;s{([a-z]{$p})}{vec($f=($p-1?chr(sub{$_[0]*9+$_[1]*3+$_
[2]}->(split'',(($m=lc$1)=~tr/mpf/012/,$m))+97):join'',(qw(m p f))[map{((ord$1
)%32-1)/$_%3}(9,3,1)]),5,1)="a"le$1;$f}gie; # Jan-Pieter Cornet