Re: More than 2800 spams from the list...
Now I have made a script to analyse where the traffic is coming from:
A single network in Spain!
On 2018-03-19, email@example.com hammered on the keys:
> What do you mean by "the spammer is on the list"? The spam messages
> don't go via list. I would get them (my own mail server and no spam
> filter beyond the standard Exim header checking, which would never
> drop/reject a mail coming from the list).
>> <mail.tamay-dogan.net> is subject of a DOS attack.
> Yes, I rather think they are targeting you. The Debian mailing
> list headers seem to me (well placed) spoof.
>> It seems the attacker probably knows several 10.000 wrongly configured
>> mailservers and now uses them to pull down my server...
> Yes, that's how it looks to me. Perhaps they're real bounces,
> perhaps they're fake. But I'm pretty sure by now that the
> Debian-list related headers are plain fake, to nudge people
> into "responding to list" and thus spreading the spam even
I am attacked by this network:
----[ c 'whois -B 126.96.36.199' ]-------------------------------------
% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Information related to '188.8.131.52 - 184.108.40.206'
% Abuse contact for '220.127.116.11 - 18.104.22.168' is
inetnum: 22.214.171.124 - 126.96.36.199
status: ALLOCATED PA
org-name: Infortelecom Hosting S.L.
address: Ronda Narciso Monturiol, num.17
Puerta 1 1 Parque Tecnologico
address: Paterna - VALENCIA
person: Jose Daniel Domenech Gasco
address: C/ Ciudad de Sevilla, 76 - Pol. Ind. Fuente del Jarro
address: 46980 Paterna
address: Valencia, SPAIN
% Information related to '188.8.131.52/24AS50926'
% This query was served by the RIPE Database Query Service version
They have several 1000 mailservers which send me this crap...
...and if I read on their website "VPS & CLOUD" my alarm bells are
ringing. I blocked their WHOLE network!
> FWIW, I've sent a test message to (some randomly chosen user name)
> at one of the servers in list and am awaiting a bounce message.
> Let's see...
> @Michelle: could you please send me a *complete* bounce message,
> headers and all, as it arrives at your place? I still can't figure
> out what kind of headers you sent to this list.
Yes, in some seconds.
> - -- tomás
Thanks in advance
Michelle Konzack Miila ITSystems @ TDnet
GNU/Linux Developer 00372-54541400