The worst abuse e-mail ever, sverige.net
This is the rudest, most arrogant abuse complaint I have seen. It is a frigging dial up user. james ----- Original Message ----- From: <RBL> To: <ruthe_herrera@wanadoo.fr> Cc: <postmaster@65.19.17.201>; <postmaster@sf-du401.cybermesa.com>; <postmaster@cybermesa.com>; <abuse@cybermesa.com> Sent: Sunday, September 19, 2004 12:32 PM Subject: Email is in RBL _ DENIED _ (by bl.spamcop.se from ruthe_herrera@wanadoo.fr reason Sending IP 65.19.17.201 support SPAM )
You have sent a message that has been stopped! This is because of your sending e-mailserver being listed in an anti spam database. You should probably alert your email administrator and/or your ISP and send this email along to him.
The only reason a serious ISP or email administers would be on such a list is that he do not yet know about it being listed. Otherwise he would already have fixed the wrongfully configured server. Or he terminated the contract with the offending customer that put him on that list.
We have also tried to send this letter on the following standardized addresses: ======================= postmaster@65.19.17.201 postmaster@sf-du401.cybermesa.com postmaster@cybermesa.com abuse@cybermesa.com =======================
But very often administrators that don't know how to configure a secure mailserver, don't know that they have to implement these system addresses either. And we feel that you will probably get better results if you call or send this your self.
Most responses we get are about the spelling and grammar from postmasters and administrators. They are usually angry that we have made their customers aware about their problems. This is kind of silly as the Information given is easy to understand anyway, and we could have sent the letter in correct Swedish instead.
But as our purpose in sending this is neither to make it unreadable nor to make it offensive to anyone. Our purpose is to inform about systems being misused or miss configured so that the administrators gets a fair chance to fix their servers.
So if you're an administrators please don't get angry just fix your email servers and we will be happy to relay your messages again. As a result your customers will be happy and you will get less angry calls and letters making you happy as well.
The few administrators, postmasters and ISP's that just don't give a damn, will probably be noticed by their customers anyway. As these letters will keep arriving although they are probably just a very small part of the end users problems.
Please send any comments to postmaster@sverige.net
Date time = 2004-09-19 18:32:03 Subject = Our promise: to save you money on your medication. CMHSO Message-ID = <868612222822.u8KNRNC38686@pan.mail.tpnet.pl> rcipient = a-0914@mailbox.sverige.net rbl list = bl.spamcop.se ErrorMessage = 542 Rejected - see http://spamcop.net/w3m?action=checkblock&ip=65.19.17.201 Reason = Sending IP 65.19.17.201 support SPAM Denied IP = 65.19.17.201
Message Source 10 lines ======================= Received: from [65.19.17.201] by mailbox.sverige.net (JPHS RBL mail from ruthe_herrera@wanadoo.fr) with SMTP id for a-0914@mailbox.sverige.net; Sun, 19 Sep 2004 20:31:59 +0200 Received: from coalesce.mail.tpnet.pl by 62.13.25.2; Sun, 19 Sep 2004 19:30:58 -0200 To: <joakim.andersson@sverige.net> From: anthony roop <anthony.roop@tpnet.pl> Reply-To: <roop_anthony@tpnet.pl> Subject: Our promise: to save you money on your medication. CMHSO Date: Sun, 19 Sep 2004 16:31:58 -0500 Message-ID: <868612222822.u8KNRNC38686@pan.mail.tpnet.pl> MIME-Version: 1.0 Content-Type: multipart/mixed; Content-Transfer-Encoding: 7bit X-Priority: 3 X-Mailer: PocoMail 2.61 (1055) - Licensed Version X-jphspassrblrun: 1
=======================
on Tue, Sep 21, 2004 at 10:16:52AM -0600, james edwards wrote:
This is the rudest, most arrogant abuse complaint I have seen. It is a frigging dial up user.
I'm confused. Your user on 65.19.17.201 - a dialup user, probably running an infected Windows box, sent spam to the complainant, who figured out who to complain to, explained in great detail (and in English) that well, it shouldn't have happened if you'd had any clue whatsoever, and had blocked outbound port 25 connections from your own users (or at the very least those users of yours who are listed in DNSBLs for spamming or relaying!) and you think he's being /arrogant/? Christ, I'd say he's being helpful. Get over yourself and /fix your own network/. Deal with the frigging complaint, and STFU. I already waste /way/ too much time dealing with equally stupid and/or lazy network/mail admins who won't frigging fix their own networks, and doesn't blame the complainant one frigging bit. Currently, I'm dealing with the backscatter bounces from three concurrent joe jobs, sent by such laughably broken spamware that I'm /amazed/ any of it was accepted in the first place, much less accepted and /then backscattered to me, the victim/ because of still more misconfigured/idiotic antivirus stupidity. Sheesh. Get over /yourself/. Your network is rude by its very existence, if it lets spammers relay crud by way of it. Your own arrogance in thinking it's not your problem to fix is astounding. Please don't bother to reply; it will take time away from fixing your network. Steve -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
Sheesh. Get over /yourself/. Your network is rude by its very existence, if it lets spammers relay crud by way of it. Your own arrogance in thinking it's not your problem to fix is astounding.
I did no say it is not my problem, we have a 10 year history of being very pro-active for all abuse issues and have a dedicated staff person to deal with these issues. Slaming my mail admin because a dial up user has a virus is rude, period. Our dial up address space is listed, if people choose to block mail from that space. james
on Tue, Sep 21, 2004 at 11:00:53AM -0600, james edwards wrote:
Sheesh. Get over /yourself/. Your network is rude by its very existence, if it lets spammers relay crud by way of it. Your own arrogance in thinking it's not your problem to fix is astounding.
I did no say it is not my problem, we have a 10 year history of being very pro-active for all abuse issues and have a dedicated staff person to deal with these issues.
OK, then, perhaps you can explain why I have received backscatter from web.cybermesa.com [65.19.6.7] or why even though I got spam from sf-du170.cybermesa.com [209.12.75.170] back in October 2001, and from sf-du201.cybermesa.com [209.12.75.201] in February 2002, you still haven't blocked outbound port 25 traffic from those obviously vulnerable hosts? http://groups.google.com/groups?num=50&hl=en&lr=&ie=UTF-8&newwindow=1&safe=off&c2coff=1&q=group%3Anews.admin.net-abuse.*+cybermesa.com&btnG=Search Looks like you've got an ongoing problem with those dialup ranges.
Slaming my mail admin because a dial up user has a virus is rude, period.
Nope. Sorry. Emitting spam/viruses or backscatter even though you know you (or your users) have a problem, expecting everyone else to block your network, and whining when someone has the gall to call you on it - that's rude. Of course, it's pretty common, but that doesn't make it any less rude.
Our dial up address space is listed, if people choose to block mail from that space.
I'm curious - where is it listed? I don't see anything on your Web site that even suggests a place to go looking for abuse/helpdesk/support info. Much less a banner inviting more responsible mail admins to block your listed netblocks.... Will a regex of [a-z]+[0-9]*\-du[0-9]+\.cybermesa\.com block all of your dialup ranges by rDNS? What about your DSL and ISDN ranges? How are they named? Consistently, I hope. And of course I also hope they resolve back-and-forwards to the IP, so spam/viruses don't squeak through sendmail due to being "possibly forged". Why aren't they named so that sendmail and other MTAs can block your dynamic ranges by RHS in access.db, instead of having to use regexes? Hint: blah-1-2.dynamic.cybermesa.com or blah-3.4.dialup.cybermesa.com or foo-5-6-7-8.dsl.cybermesa.com makes this much less annoying and difficult, and conveys the same information as sf-du120.cybermesa.com. I apologize if I offended you personally, I intended to do it professioanlly. Steve -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
On Tue, 21 Sep 2004, james edwards wrote:
I did no say it is not my problem, we have a 10 year history of being very pro-active for all abuse issues and have a dedicated staff person to deal with these issues. Slaming my mail admin because a dial up user has a virus is rude, period. Our dial up address space is listed, if people choose to block mail from that space.
Listed where? I don't see it jumping out anywhere on your web site or in any common/free DNSBL and the way your rDNS is setup isn't doing anyone any favors. 201.10.19.65.in-addr.arpa name = albq-du201.cybermesa.com. 201.16.19.65.in-addr.arpa name = sf-du201.cybermesa.com. The more primitive MTAs need you do be doing something like albq-201.du.cybermesa.com. Then they can be setup to reject du.cybermesa.com, which will reject .*\.du\.cybermesa\.com. And if you think their message was rude, just try to imagine the crap people send _to_ DNSBLs. It makes the message from the Swedes seem like they were kissing your @$$. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Listed where? I don't see it jumping out anywhere on your web site or in any common/free DNSBL and the way your rDNS is setup isn't doing anyone any favors.
We were a MAPS customer/user for a number of years and were listed then and I see we are not now. We will be listed again, shortly. james
participants (3)
-
james edwards
-
Jon Lewis
-
Steven Champeon