[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More then 2800 spams from the list...

Now I have made a script to analyse where the traffic is comming from:

A singel network in Spain!

Am 2018-03-19 hackte tomas@tuxteam.de in die Tasten:
> What do you mean by "the spammer is on the list"? The spam messages
> don't go via list. I would get them (my own mail server and no spam
> filter beyond the standard Exim header checking, which would never
> drop/reject a mail coming from the list).
>> <mail.tamay-dogan.net> is subject of a DOS attack.
> Yes, I rather think they are targetting you. The Debian mailing
> list headers seem to me (well placed) spoof.
>> It seems, the Attacker know probably several 10.000 wrong configured
>> mailservers and now use it, to pull down my server...
> Yes, that's how it looks to me. Perhaps they're real bounces,
> perhaps they're fake. But I'm pretty sure by now that the
> Debian-list related headers are plain fake, to nudge people
> into "responding to list" and thus spreading the spam even
> more.

I am attacked by this network:

----[ c 'whois -B' ]-------------------------------------
% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to ' -'

% Abuse contact for ' -' is

inetnum: -
netname:        ES-INFORTELECOM-20120912
country:        ES
org:            ORG-ISS3-RIPE
admin-c:        JDDG1-RIPE
tech-c:         JDDG1-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         AS50926-MNT
created:        2012-09-12T11:52:24Z
last-modified:  2017-11-30T11:26:09Z
source:         RIPE

organisation:   ORG-ISS3-RIPE
org-name:       Infortelecom Hosting S.L.
org-type:       LIR
address:        Ronda Narciso Monturiol, num.17
                Puerta 1 1 Parque Tecnologico
address:        46980
address:        Paterna - VALENCIA
address:        SPAIN
phone:          +34910820073
phone:          +34963788771
e-mail:         jdomenech@infortelecom.es
admin-c:        JDDG1-RIPE
admin-c:        VGP13-RIPE
abuse-c:        ABIT11-RIPE
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        AS50926-MNT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         AS50926-MNT
created:        2004-10-07T15:33:06Z
last-modified:  2017-10-30T14:49:58Z
source:         RIPE

person:         Jose Daniel Domenech Gasco
address:        C/ Ciudad de Sevilla, 76 - Pol. Ind. Fuente del Jarro
address:        46980 Paterna
address:        Valencia, SPAIN
e-mail:         jdomenech@infortelecom.es
phone:          +34963788771
fax-no:         +34960451442
nic-hdl:        JDDG1-RIPE
mnt-by:         AS50926-MNT
created:        2002-10-08T14:20:22Z
last-modified:  2013-04-03T16:12:35Z
source:         RIPE

% Information related to ''

origin:         AS50926
descr:          AXARnet-Network
mnt-by:         AXARNET-MNT
mnt-by:         AS50926-MNT
created:        2017-05-16T10:01:19Z
last-modified:  2017-05-16T10:01:19Z
source:         RIPE

% This query was served by the RIPE Database Query Service version
1.91.1 (BLAARKOP)

They have several 1000 mailservers which send me this crap...

...and if I read on theire website "VPS & CLOUD" my alarm bells are
ringing.  I blocked there WHOLE network!

> FWIW, I've sent a test mesage to (some randomly chosen user name)
> at one of the servers in list and am awaiting a bounce message.
> Let's see...
> @Michelle: could you please send me a *complete* bounce message,
> headers and all, as it arrives at your place? I still can't figure
> out what kind of headers you sent to this list.

yes in some seconds.

> Thanks
> - -- tomás

Thanks in advance

Michelle Konzack        Miila ITSystems @ TDnet
GNU/Linux Developer     00372-54541400

Reply to: