I happened to check my logs this evening and discovered that a spammer had tried to send one of my clients a few emails over the weekend. Only 100,000 or so. He was being blocked via an RBL, but that still takes up resources, so I manually blocked his IP address, as well as ran a ping -f -s 65507 on him for a while, and reported him to his ISP. The mail stopped about 5 minutes later, so I don't know what made the difference, it doesn't seem like his ISP could have reacted that fast, particularly on a Saturday evening.
Posted by Jon Daley on August 27, 2005, 6:34 pm | Read 1985 times
Category Internet: [first] [previous] [next] [newest]
Figured out a bit about this spammer, since although he stopped for a while, and one registrar did remove his hostname (and thus the spam isn't worth much, since it directs you to a non-existent page), I have continued to get a couple connections per second today.
I investigated further, and it turns out he is using e-mail software that is not standards compliant, and is getting confused by my mail server's rejection. The problem was that I was rejecting him too fast. Once I let him say who he was, who he wanted to send mail to, etc. he took the rejection much better, and has disappeared.
I guess that's what I get for having a spam filter that knows how to reject him before he opens his mouth.
I also discovered that xeex.com appears to some sort of ISP, with lots of ip addresses, all for spammers, and since they are so large it is hard to shut them down, I guess. Presumably they have lots of money, so some lawyer needs to sue them or something.
Posted by jondaley on August 29, 2005, 6:05 pm

Well, an apology to xeex.com is in order. They got back to me tonight, saying that I need to talk to their downstream provider, planetaryhosting.net. I told him I already had, so he called them up.
The downstream provider said the problem has been fixed, and he seems to be right - I can no longer connect to their machine via the smtp port, so perhaps they had gotten hacked into, and didn't mean to be running a mail server in the first place.
Posted by jondaley on August 29, 2005, 10:48 pm
Add Comment
Add comment
E-mail me when comments occur on this article