ed.truitt at etee2k.net
Wed Oct 29 12:57:48 GMT 2003
KennethSoong at tagtechnology.com.sg wrote:
> I seem notice a particular spammer from IP range of 220.127.116.11/16 using
>our MS Exchanger 2000 Server to relay their emails. Can anyone tell me who
>this people are. I tried ping, tracert and even checking whois database but
>each it return error or no record.
I tried WHOIS, and got the following info:
inetnum: 18.104.22.168 - 22.214.171.124
descr: DISHNETDSL LTD
descr: 19, Cathedral Garden Road
changed: hostmaster at apnic.net 20000321
changed: hostmaster at apnic.net 20000927
changed: hm-changed at apnic.net 20020612
status: ALLOCATED PORTABLE
role: DISHNET IP Hostmaster
address: DishnetDSL Limited
address: 19, Cathedral Garden Road
address: Chennai, 600 034
phone: +91-44-825 6201
phone: +91-44-825 6149
phone: +91-44-826 9801
fax-no: +91-44-825 7477
e-mail: ip-admin at ddsl.net
trouble: Network abuse issues and SPAM complaints
trouble: should be sent to abuse at eth.net
remarks: role object for Dishnet IP Administrators
notify: ip-admin at ddsl.net
changed: bbreddy at ddsl.net 20020530
So, you should be able to forward the entire email in question
(including headers) or the relevant log extracts to abuse at eth.net and
hopefully get some response.
Now, to look at this from another perspective: why do you allow IPs
from outside your network to use your Exchange server as a relay? I do
happen to know that the current version of Exchange does allow for
preventing such use (anonymous relay), and the last batch of MSFT
security bulletins included 1 against Exchange, which could lead to DoS
or even worse execution of arbitrary code. I would give very serious
thought to securing that box if I were you.
Just my $0.02, and doing my part to make the 'Net a safer (or less
dangerous, anyway) place.
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
More information about the list