Hello Stan Hoeppner, Am 2012-02-25 12:33:26, hacktest Du folgendes herunter: > That won't stop it all, and may cause FPs. Much better is a > header regex such as: > > /Received: from .*213.251.189.205/ > > The spam in this campaign is all originating from a [likely compromised] > OVH server at IP address 213.251.189.205: > > Received: from gw5.ovh.net (HELO 240plan.ovh.net) (213.251.189.205) > > $ grep -c 213.251.189.205 1-Debian-Users > 49
Unfortunately OVH is one of the biggest spam sender in Europe appart from 1&1. Normaly someone schould block the entired network, because <abuse> is absolutely inactive and give a fuck on complains. I have already used some script-kiddie scripts to stop some (maybe hijacked) IP blocks of OVH to send me several million spams. (I was able to kick-off/crash the spam servers) You can not even reach OVH by telephone in case of urgence. > Stan Thanks, Greetings and nice Day/Evening Michelle Konzack -- ##################### Debian GNU/Linux Consultant ###################### Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing <http://www.itsystems.tamay-dogan.net/> <http://www.debian.tamay-dogan.net/> itsystems@tdnet Jabber linux4miche...@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/
signature.pgp
Description: Digital signature