annoying spammer via ppp lines at pacbell.net
William D. Colburn (aka Schlake)
wcolburn at nmt.edu
Tue Sep 17 21:27:34 GMT 2002
This is a heads up, though it might be belated for some of you.

Over the weekend someone from a pacbell PPP line connected to my mail
server and started trying to deliver email to "suspicious" addresses
following the pattern [-a-z0-9_][-a-z0-9_][-a-z0-9_]@nmt.edu. I can
imagine that soon he will move on to the more complicated addresses with 4
tokens instead of 3. Sigh.

The sender was set statically as <mailman at postman2.seed.net.tw>, but he
recently started using randomly generated addresses of the form
<xxxxxxxxxx at yahoo.com> (where x is a lowercase letter) that are a bit
harder to uniformly block.

I have gotten many thousands of these attempted emails since I noticed
it. I have sent complaint email to pacbell every time he has changed
ppp lines, but so far he hasn't let up. I started blocking his
network access, but pacbell apparently has a lot of address space, and
he kept getting a new IP in a new class C that I hadn't blocked yet. I
finally settled on a milter that refuses connections from hosts like
^ppp-.*\.pacbell\.net$ and it seems to be helping.

William Colburn, "Sysprog" <wcolburn at nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
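
Added example, not part of the original post and not the author's milter: a Python sketch of the connect-time hostname check described above, plus a log-side check that flags clients probing three-token local parts. The function names, the threshold, and the sample hostnames and recipients are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hostname pattern quoted in the post; DNS names are case-insensitive.
PPP_HOST = re.compile(r"^ppp-.*\.pacbell\.net$", re.IGNORECASE)
# Three-token local part at nmt.edu, the probe shape described in the post.
PROBE_RCPT = re.compile(r"^[-a-z0-9_]{3}@nmt\.edu$")

def refuse_connection(ptr_name):
    """Connect-time decision: True if the client's reverse-DNS name matches."""
    if not ptr_name:  # no PTR record, so this rule does not apply
        return False
    # fullmatch avoids "$" also matching just before a trailing newline.
    return PPP_HOST.fullmatch(ptr_name.rstrip(".")) is not None

def probing_clients(events, valid_users, threshold=3):
    """Clients with >= threshold distinct probe-shaped RCPTs to unknown users."""
    misses = defaultdict(set)
    for client, rcpt in events:
        rcpt = rcpt.lower()
        if PROBE_RCPT.fullmatch(rcpt) and rcpt not in valid_users:
            misses[client].add(rcpt)
    return sorted(c for c, seen in misses.items() if len(seen) >= threshold)

# Constructed sample data: (client reverse-DNS name, RCPT TO address).
VALID_USERS = {"bob@nmt.edu"}
SAMPLE_EVENTS = [
    ("ppp-a.constructed.pacbell.net", "aaa@nmt.edu"),
    ("ppp-a.constructed.pacbell.net", "aab@nmt.edu"),
    ("ppp-a.constructed.pacbell.net", "a_c@nmt.edu"),
    ("ppp-a.constructed.pacbell.net", "bob@nmt.edu"),
    ("mx.constructed.example.org", "bob@nmt.edu"),
    ("mx.constructed.example.org", "zzz@nmt.edu"),
]

if __name__ == "__main__":
    for host in ("ppp-a.constructed.pacbell.net", "mail.pacbell.net"):
        print(host, "refuse" if refuse_connection(host) else "accept")
    print("probing:", probing_clients(SAMPLE_EVENTS, VALID_USERS))
```

The hostname rule depends on the client's PTR record, so it only covers hosts whose reverse DNS follows that naming scheme.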