Mailing List SIMS@mail.stalker.com Message #14384
From: Aron S. Spencer <aron@r8ix.com>
Subject: RBL not catching spam?
Date: Mon, 29 Mar 2004 11:32:15 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.613)
When reporting a spam that got through to SpamCop, I noticed the following in the report:

82.166.26.217 listed in cbl.abuseat.org ( 127.0.0.2 )
82.166.26.217 is an open proxy

I have cbl.abuseat.org in my RBL list (third line down):

sbl-xbl.spamhaus.org "See <http://www.spamhaus.org/xbl/> Your server is blacklisted."
dnsbl.sorbs.net "See: <http://dnsbl.sorbs.net/> Your server is blacklisted."
cbl.abuseat.org "See: <http://cbl.abuseat.org/> Your server is blacklisted."
relays.ordb.org "See: <http://ordb.org/> Your server is blacklisted."
opm.blitzed.org "See: <http://opm.blitzed.org/> Your server is blacklisted."
dnsbl.njabl.org "See: <http://www.njabl.org/> Your server is blacklisted."
blackholes.easynet.nl "See: <http://blackholes.easynet.nl/> Your server is blacklisted."
dynablock.easynet.nl "See: <http://dynablock.easynet.nl/> Your server is blacklisted."
relays.visi.com "See: <http://relays.visi.com/> Your server is blacklisted."
argentina.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
brazil.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
cn-kr.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
hongkong.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
malaysia.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
mexico.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
nigeria.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
singapore.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
taiwan.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
thailand.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
turkey.blackholes.us "See: <http://www.blackholes.us/> Your server is blacklisted."
korea.services.net

and 127.0.0.2 is in my blacklist. In fact other stuff is being caught by that entry:

00:09:51 1 SMTP-941([210.203.54.34]) SPAM? Host is blacklisted per RBL taiwan.blackholes.us with result [127.0.0.2]

Here is the log entry for the spam in question (it seems to be the case on about 1/2 the spam that gets through, so this is only a representative case):

23:45:33 3 SMTP-370(NOON-BL31RUG96I) Failed to verify. Real address is [82.166.26.217:4665]
23:45:41 2 SMTP-370([82.166.26.217]) {S.0001662901} received, 1169 bytes


Aron S. Spencer
Elizabeth, NJ 07202

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster