No kidding, dude. I've only been keeping track for a few weeks. Is anyone awake behind the wheel over there? matt@pants:~$ mysql -e 'select count(relayi) from logged where relayi like "12.%" ' spam +---------------+ | count(relayi) | +---------------+ | 249 | +---------------+ matt@pants:~$ mysql -e 'select relayi, reason, count(relayi) from logged where relayi like "12.%" group by relayi' spam +----------------+----------+---------------+ | relayi | reason | count(relayi) | +----------------+----------+---------------+ | 12.102.22.196 | honey | 1 | | 12.129.205.43 | accessdb | 3 | | 12.129.205.45 | accessdb | 2 | | 12.129.205.46 | accessdb | 7 | | 12.129.205.47 | norev | 6 | | 12.129.205.48 | norev | 4 | | 12.129.205.49 | norev | 1 | | 12.129.205.50 | accessdb | 15 | | 12.129.205.51 | honey | 4 | | 12.129.205.52 | accessdb | 4 | | 12.129.205.53 | accessdb | 20 | | 12.129.205.54 | honey | 1 | | 12.129.205.56 | norev | 2 | | 12.129.205.57 | norev | 3 | | 12.129.205.58 | honey | 1 | | 12.129.205.59 | accessdb | 3 | | 12.129.205.60 | accessdb | 2 | | 12.129.205.64 | honey | 2 | | 12.129.205.65 | honey | 1 | | 12.129.205.66 | accessdb | 4 | | 12.129.205.69 | honey | 1 | | 12.129.205.72 | accessdb | 5 | | 12.129.205.73 | honey | 16 | | 12.129.205.74 | accessdb | 2 | | 12.129.205.75 | honey | 1 | | 12.129.205.77 | norev | 3 | | 12.129.205.79 | accessdb | 3 | | 12.129.205.80 | accessdb | 4 | | 12.129.205.82 | accessdb | 3 | | 12.129.248.238 | honey | 2 | | 12.149.217.151 | norev | 1 | | 12.158.240.216 | honey | 2 | | 12.158.240.217 | honey | 2 | | 12.158.240.218 | honey | 1 | | 12.158.240.220 | honey | 1 | | 12.158.240.221 | honey | 8 | | 12.158.240.229 | honey | 3 | | 12.158.240.230 | honey | 4 | | 12.158.240.235 | honey | 5 | | 12.158.240.239 | honey | 6 | | 12.158.240.240 | honey | 8 | | 12.158.240.243 | honey | 22 | | 12.158.240.244 | honey | 6 | | 12.158.240.245 | honey | 1 | | 12.158.240.246 | honey | 1 | | 12.158.240.247 | honey | 2 | | 12.158.240.248 | honey | 12 | | 12.158.240.249 | honey | 12 | | 12.158.240.250 | honey | 6 | | 12.159.132.222 | norev | 1 | | 12.212.72.51 | honey | 2 | | 12.213.23.167 | honey | 1 | | 12.216.30.71 | honey | 1 | | 12.220.84.48 | honey | 1 | | 12.224.62.72 | accessdb | 1 | | 12.226.245.54 | honey | 1 | | 12.228.91.107 | honey | 1 | | 12.229.146.148 | honey | 1 | | 12.231.251.35 | honey | 1 | | 12.238.242.248 | honey | 1 | | 12.240.177.92 | honey | 1 | | 12.241.6.116 | norev | 1 | | 12.246.54.76 | accessdb | 1 | | 12.246.80.126 | honey | 1 | | 12.252.68.65 | honey | 1 | | 12.30.168.18 | honey | 1 | | 12.33.19.133 | honey | 1 | | 12.41.24.90 | honey | 1 | +----------------+----------+---------------+ On Fri, 24 Jan 2003 kai@pac-rim.net wrote: On 1/24/2003 at 2:40 AM, owner-nanog@merit.edu wrote:
Chris at UUNet help determine this is a rDNS issue. att.net seems to have started rejecting email from mail servers that don't have a proper reverse DNS entry. This is a good thing, even though it is causing me some problems at the moment. Thanks Chris.
-Jim P.
The question is: is that a knee-jerk reaction to them getting clobbered by spam, or maybe a knee-jerk reaction for receiving "too much" mail ABOUT their customers to abuse@att.net ? Example: 12.158.240.0/23, 12.42.172.0/22, 12.158.224.0/23, 12.158.234.0/23, 12.158.236.0/23: Jan 24 16:11:03 sonet sendmail[11117]: NOQUEUE: ruleset=check_relay, arg1=if1.dlyforyourinfo.com, arg2=12.158.240.237, relay=if1.dlyforyourinfo.com [12.158.240.237], reject=550 NETBLOCK for CBB/cotennet.com - access for jpmailer.com denied - perpetual mail to non-existing users - Spammers must die. Upon complaint re: this spamhaus continuing to connect here: The original message was received at Fri, 24 Jan 2003 16:11:09 -0500 (EST) from root@localhost ----- The following addresses had permanent fatal errors ----- abuse@att.net ----- Transcript of session follows ----- ... while talking to gateway2.att.net.: <<< 550 208.241.101.2 must be verifiable in DNS ... while talking to gateway3.att.net.:
QUIT <<< 550 208.241.101.2 must be verifiable in DNS ... while talking to gateway1.att.net.: QUIT <<< 550 208.241.101.2 must be verifiable in DNS 554 abuse@att.net... Service unavailable
(a temporary failure due to renumbering) Rejecting on broken or non-existing DNS will probably reject mail from more than 15% of all mail servers on the Internet - guaranteeing a false positive rate not even matched by the combined 6 DNSBL's I use - cumulative and with hard 5xx rejects. AT&T on the other hand, will use DNSBL's when the first snowball emerges from hell unscathed. Makes you wonder if noc@att.net is missing a lotta mail today - "gee, za eanternet w0rcks zplend1d todey, duznt eet!" - think of http://www.despair.com/ap24x30prin.html :) Last but not least, Level3's tolerance of spamming customers has nothing on AT&T's ignorance of reports of DoS attacks in the form of address forgery committed by their spamming customers, or on behalf of said customers, despite notifying them by fax of such activity. That, and the mindless blather you receive back from abuse@att.net on very rare occasions when you complain about their customers hitting your spamtraps (dead users, rejects): "please forward the header and full body of the spam you received". Next: "please call 1-900-ATT-ABUSEDESK, get charged $5 for the call, and use the authorization code given to you in the subject line of your complaint to guarantee that your message is not shoved into /dev/null" --mghali@snark.net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>