Mailing List SIMS@mail.stalker.com Message #15131
From: Warren Michelsen <Warren@MDCCLXXVI.com>
Subject: Spambot, Right?
Date: Wed, 21 Sep 2005 16:08:15 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>

This does not appear to be the behavior of a legitimate MTA:

20:28:56 1 SMTP-889([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:56 1 SMTP-890([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:57 1 SMTP-890([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:57 1 SMTP-891([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:57 1 SMTP-891([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:57 1 SMTP-892([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:58 1 SMTP-892([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:58 1 SMTP-893([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:58 1 SMTP-893([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:58 1 SMTP-894([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:59 1 SMTP-894([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"


blah@blah replaces the actual recipient but the recipient is the same in all instances. IOW, six simultaneous connections from the same IP address to send to the same recipient. Looks like a spambot to me.

Probably a good reason it's in sbl-xbl. Or could this be legit?

24.14.235.89 is c-24-14-235-89.hsd1.il.comcast.net.
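
A log check for the pattern described in the post (several SMTP sessions from one blacklisted address to the same recipient within a few seconds), as an added example that is not part of the original message. The function name, the thresholds and the 192.0.2.10 line are assumptions made for illustration; the other sample lines are a subset of the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: log lines from the post (one RBL line plus the six rejections),
# followed by one constructed line from a documentation address (192.0.2.10).
SAMPLE = """\
20:28:56 1 SMTP-889([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:56 1 SMTP-890([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4]
20:28:57 1 SMTP-890([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:57 1 SMTP-891([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:58 1 SMTP-892([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:58 1 SMTP-893([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:28:59 1 SMTP-894([24.14.235.89]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
20:29:30 1 SMTP-895([192.0.2.10]) SPAM? Recipient '<blah@blah>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) \d+ SMTP-(\d+)\(\[([\d.]+)\]\) SPAM\? (.*)$")
RCPT = re.compile(r"Recipient '<([^>]*)>' rejected")
RBL = re.compile(r"per RBL (\S+) with result \[([\d.]+)\]")

def burst_senders(log_text, min_sessions=3, window_s=10):
    """Flag hosts that had >= min_sessions distinct SMTP sessions rejected for one
    recipient within window_s seconds. Timestamps carry no date, so a burst that
    straddles midnight is not detected."""
    sessions = defaultdict(dict)  # (ip, recipient) -> {session id: rejection time}
    rbl = defaultdict(set)        # ip -> {(RBL zone, return code)}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, sid, ip, msg = m.groups()
        if r := RCPT.search(msg):
            sessions[(ip, r.group(1))][sid] = datetime.strptime(ts, "%H:%M:%S")
        elif b := RBL.search(msg):
            rbl[ip].add(b.groups())
    flagged = {}
    for (ip, rcpt), by_sid in sessions.items():
        span = (max(by_sid.values()) - min(by_sid.values())).total_seconds()
        if len(by_sid) >= min_sessions and span <= window_s:
            flagged[ip] = {"recipient": rcpt, "sessions": len(by_sid),
                           "span_s": span, "rbl": sorted(rbl[ip])}
    return flagged

if __name__ == "__main__":
    print(burst_senders(SAMPLE))
```

Counting distinct session numbers rather than lines matters here: each session logs both an RBL hit and a recipient rejection, so a line count would overstate the burst.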
