Mailing List SIMS@mail.stalker.com Message #15072
From: David C King <dck@the-wire.com>
Subject: Blacklisted IP block
Date: Sun, 28 Aug 2005 10:45:35 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
Hello

In my blacklist I have these IP blocks listed:

69.192.0.0-69.199.255.255
70.104.0.0-70.111.255.255
80.0.0.0-81.255.255.255

However, recently a spammer delivered mail to one of my users ... coming from one of the blacklisted IP blocks. [IP block 70.104.0.0-70.111.255.255 is blacklisted ... this scumbag used 70.106.119.41.]

14:15:20 5 SYSTEM {S.0001078875} in work, ref=602, nFresh=4
14:15:20 5 ROUTER Input: Jay(zillger.de)
14:15:20 5 ROUTER Parser: Jay@zillger.de -> Jay(zillger.de)
14:15:21 5 ROUTER Input: dilara(king-dom.org)
14:15:21 5 ROUTER Parser: dilara@king-dom.org -> dilara(king-dom.org)
14:15:21 3 SYSTEM The current date is Friday, July 22, 2005
14:15:21 5 ROUTER Input: dilara()
14:15:21 5 ROUTER Parser: dilara -> dilara()
14:15:21 5 SYSTEM {S.0001078880} created, ref=650, nFresh=5
14:15:21 2 SMTP-484(pool-70-106-119-41.pskn.east.verizon.net) {S.0001078875} received, 5217 bytes
14:15:21 3 SMTP-484(pool-70-106-119-41.pskn.east.verizon.net) Abort Received, reason=12169116
14:15:22 5 SYSTEM Scanning {S.0001078875}
14:15:22 5 SYSTEM Line Read: P I 22-07-2005 18:15:20 0000 zillger.de Jay
14:15:22 5 SYSTEM Line Read: R W 22-07-2005 18:15:21 0000 king-dom.org dilara
14:15:22 5 ROUTER Input: dilara(king-dom.org)
14:15:22 5 ROUTER Parser: dilara@king-dom.org -> dilara(king-dom.org)
14:15:22 5 ROUTER Input: dilara()
14:15:22 5 ROUTER Parser: dilara -> dilara()
14:15:22 5 SYSTEM Line Read:
14:15:22 5 SYSTEM Line Read: Received: from pool-70-106-119-41.pskn.east.verizon.net ([70.106.119.41] verified) by king-dom.org (Stalker SMTP Server 1.8b9d14)  with SMTP id S.0001078875 for <dilara@king-dom.org>; Fri, 22 Jul 2005 14:15:21 -0400
14:15:22 5 SYSTEM Line Read: Received: from [107.51.86.226] (port=4103 helo=[Solomon])    by pool-70-106-119-41.pskn.east.verizon.net with esmtp     id 2432451671Raymundo24658    for dilara@king-dom.org; Fri, 22 Jul 2005 14:15:24 -0400
14:15:22 5 SYSTEM Line Read: Mime-Version: 1.0
14:15:22 5 SYSTEM Line Read: Content-Transfer-Encoding: 7bit
14:15:22 5 SYSTEM Line Read: Message-Id: <576850964.6229416635@pool-70-106-119-41.pskn.east.verizon.net>
14:15:22 5 SYSTEM Line Read: Content-Type: text/plain; charset=US-ASCII
14:15:22 5 SYSTEM Line Read: To: dilara@king-dom.org
14:15:22 5 SYSTEM Line Read: From: Maurice <Jay@zillger.de>
14:15:22 5 SYSTEM Line Read: Subject: Your New Growth Stox Report
14:15:22 5 SYSTEM Line Read: Date: Fri, 22 Jul 2005 14:15:23 -0400
14:15:22 5 SYSTEM Line Read: X-Mailer: Majordomo x.x
14:15:22 5 SYSTEM Line Read:
14:15:22 2 SYSTEM [S.0001078875] <576850964.6229416635@pool-70-106-119-41.pskn.east.verizon.net> 0+1 From:Jay@zillger.de
14:15:22 4 SYSTEM [S.0001078875] submitted
14:15:22 5 SYSTEM delivering to local accounts
14:15:22 5 SYSTEM OSClose refNum=250
14:15:22 5 SYSTEM [S.0001078875] OSOpen refNum=666
14:15:22 5 SYSTEM [S.0001078875] reading: 5123 bytes at 94
14:15:22 5 SYSTEM Writing 662: 5211 bytes at 0
14:15:22 4 SYSTEM [S.0001078875] stored in 'dilara' at 0(+0)
14:15:22 2 SYSTEM(POP) [S.0001078875] delivered to (dilara)
14:15:22 5 SYSTEM checking modified files
14:15:22 5 SYSTEM OSClose refNum=666
14:15:22 2 SYSTEM [S.0001078875] deleted
14:15:22 5 SYSTEM delivering to local accounts
14:15:22 5 SYSTEM checking modified files

Obviously the blacklist didn't work.

I'm curious to figure out why it didn't work so that I can make sure that it does work the next time around.

Can anyone shed light on this?

Thanks

David
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster