annoying spammer via ppp lines at

William D. Colburn (aka Schlake) wcolburn at
Tue Sep 17 21:27:34 GMT 2002

This is a heads up, though it might be belated for some of you.

Over the weekend someone from a pacbell PPP line connected to my mail
server and started trying to deliver email to "suspicious" addresses
following the pattern [-a-z0-9_][-a-z0-9_][-a-z0-9_]  I can
imagine that soon he will move on the more complicated addresses with 4
tokens instead of 3.  Sigh.

The sender was set statically as <mailman at>, but he
recently starting using randomly generated address of the form
<xxxxxxxxxx at> (which x is a lowercase letter) that are a bit
harder to uniformly block.

I have gotten many thousands of these attempted emails since I noticed
it.  I have sent complaint email to pacbell every time he has changed
ppp lines, but so far there he hasn't let up.  I started blocking his
network access, but pacbell apparantly has a lot of address space, and
he kept getting a new IP in a new class C that I hadn't blocked yet.  I
finally settled on a milter that refuses connections from hosts like
^ppp-.*\.pacbell\.net$ and it seems to be helping.

William Colburn, "Sysprog" <wcolburn at>
Computer Center, New Mexico Institute of Mining and Technology

More information about the unisog mailing list