annoying spammer via ppp lines at pacbell.net

William D. Colburn (aka Schlake) wcolburn at nmt.edu
Tue Sep 17 21:27:34 GMT 2002


This is a heads up, though it might be belated for some of you.

Over the weekend someone from a pacbell PPP line connected to my mail
server and started trying to deliver email to "suspicious" addresses
following the pattern [-a-z0-9_][-a-z0-9_][-a-z0-9_]@nmt.edu.  I can
imagine that soon he will move on the more complicated addresses with 4
tokens instead of 3.  Sigh.

The sender was set statically as <mailman at postman2.seed.net.tw>, but he
recently starting using randomly generated address of the form
<xxxxxxxxxx at yahoo.com> (which x is a lowercase letter) that are a bit
harder to uniformly block.

I have gotten many thousands of these attempted emails since I noticed
it.  I have sent complaint email to pacbell every time he has changed
ppp lines, but so far there he hasn't let up.  I started blocking his
network access, but pacbell apparantly has a lot of address space, and
he kept getting a new IP in a new class C that I hadn't blocked yet.  I
finally settled on a milter that refuses connections from hosts like
^ppp-.*\.pacbell\.net$ and it seems to be helping.


--
William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn



More information about the unisog mailing list