I happened to check my logs this evening and discovered that a spammer had tried to send one of my clients a few emails over the weekend. Only 100,000 or so. He was being blocked via an RBL, but that still takes up resources, so I manually blocked his IP address, as well as ran a ping -f -s 65507 on him for a while, and reported him to his ISP. The mail stopped about 5 minutes later, so I don't know what made the difference, it doesn't seem like his ISP could have reacted that fast, particularly on a Saturday evening.
Posted by
Jon Daley on
August 27, 2005, 6:34 pm
| Read 2321 times
Category
Internet:
[
first]
[
previous]
[
next]
[
newest]
I investigated further, and it turns out he is using e-mail software that is not standards compliant, and is getting confused by my mail server's rejection. The problem was that I was rejecting him too fast. Once I let him say who he was, who he wanted to send mail to, etc. he took the rejection much better, and has disappeared.
I guess that's what I get for having a spam filter that knows how to reject him before he opens his mouth.
I also discovered that xeex.com appears to some sort of ISP, with lots of ip addresses, all for spammers, and since they are so large it is hard to shut them down, I guess. Presumably they have lots of money, so some lawyer needs to sue them or something.
The downstream provider said the problem has been fixed, and he seems to be right - I can no longer connect to their machine via the smtp port, so perhaps they had gotten hacked into, and didn't mean to be running a mail server in the first place.