Recurring abuser

2005-12-01 Thread Casey King 
Title: Recurring abuser






My MailScanner boxes are still getting drilled with the Sober.Virus and spam (none which have made it through) from a single IP address. I did a lookup on dnsstuff.com for the address {66.243.13.178} but made no headway on what to do about this. What steps do I need to do in order to get this to stop? I haven't seen a degridation in mail processing, but seeing over 150 Sober infected emails, and countless spam each day is a bit annoying.

Re: Recurring abuser

2005-12-01 Thread Matt Kettler 
Casey King wrote:
 My MailScanner boxes are still getting drilled with the Sober.Virus and
 spam (none which have made it through) from a single IP address.  I did
 a lookup on dnsstuff.com for the address {66.243.13.178} but made no
 headway on what to do about this.  What steps do I need to do in order
 to get this to stop?  I haven't seen a degridation in mail processing,
 but seeing over 150 Sober infected emails, and countless spam each day
 is a bit annoying.
 
What MTA do you use? Sendmail?
/etc/mail/access:

66.243.13.178   550 virus flood from this system

Re: Recurring abuser

2005-12-01 Thread Steve Thomas 

 My MailScanner boxes are still getting drilled with the Sober.Virus and
spam (none which have made it through) from a single IP address.  I did
a lookup on dnsstuff.com for the address {66.243.13.178} but made no
headway on what to do about this.  What steps do I need to do in order
to get this to stop?  I haven't seen a degridation in mail processing,
but seeing over 150 Sober infected emails, and countless spam each day
is a bit annoying.

iptables, access.db, cisco acl, hosts.deny, smtp daemon config... choose
your poison..

Re: Recurring abuser

2005-12-01 Thread Evan Platt 

At 11:37 AM 12/1/2005, you wrote:

My MailScanner boxes are still getting drilled with the Sober.Virus 
and spam (none which have made it through) from a single IP 
address.  I did a lookup on dnsstuff.com for the address 
{66.243.13.178} but made no headway on what to do about this.  What 
steps do I need to do in order to get this to stop?  I haven't seen 
a degridation in mail processing, but seeing over 150 Sober infected 
emails, and countless spam each day is a bit annoying.



RTechHandle: ZB13-ARIN
RTechName:   Hostmaster
RTechPhone:  +1-512-427-3700
RTechEmail:  [EMAIL PROTECTED]

OrgTechHandle: 
http://ws.arin.net/whois/?queryinput=P%20%21%20FIR-ARINFIR-ARIN

OrgTechName:   Focal IP Request
OrgTechPhone:  +1-888-362-2522
OrgTechEmail:  [EMAIL PROTECTED]

Give them a call. :)