On Tue, 2009-06-23 at 22:17 +0200, Arvid Picciani wrote:
> >> It does make you wonder why they never seem to end up on any of the
> >> spamhaus lists. Perhaps they are brilliant list washers ?
> >>
> >
> > Same here - I see lots of these and they don't score on many lists.
>
> It might be an uneducated guess, but I also have some very annoying
> hosts on the radar which I started blocking manually because they are on
> neither spamhaus nor sorbs.
>
> > Yep, that looks familiar...
> >
> > # The Solo Networks 8.19.136.0 - 8.19.143.255
> > 8.19.136.0/21 REJECT
> >
> > # The Solo Networks 67.218.160.0 - 67.218.191.255
> > # 67.218.164.0/24 Surpass Solutions - cybersonicview.com
> > # 67.218.173.0/24 X3 Hosting Systems
> > # 67.218.180.0/24 LogiTech Interactive
> > 67.218.160.0/19 REJECT
> >
> > My policy, I block the /24 straight away, and hits from 3 separate
> > /24's earns a block for the whole netblock (as illustrated above).
> >

You are a man after my own heart - that's what I do! I notice this
morning another 115 attempts from them overnight;

less /var/log/mail.info | grep localbl | wc -l
115

>
> How did you identify these blocks as spammers

by the mail they send :-) Teeth Whitening for $100 -> Acai Power Slim
etc.

> and why doesn't spamhaus

I've asked that in the past of Spamhaus and was openly abused by people
running to their defence - even Steve Linford himself. He called me a
'moron' (but he had just lost a Court Case so I forgive him). This was
over the very block I highlighted yesterday, and I asked him why
spamhaus was missing it. That must have been 4 months ago.

Some U.K. providers (such as Fasthosts & Rackspace(UK)) never seem to
get a listing for any of their ranges - which is interesting when you
consider they are probably the largest providers of hosting in the UK
and that Spamhaus hosts with one of them.

I know that Barracuda have a 'paid' white list (in addition to the
Mickey Mouse 'emailreg.org' thing they are selling). I wonder if
Spamhaus offer a similar 'feature'. The only other logical explanation
is that it is seriously lacking in missing this kind of trash.

> do so? They claim to have the worst spammer organisations on their list.
> I've got a whole list of IPs from India and Korea which are on no list
> but send spam regularly.

I have to agree. I don't dispute that Spamhaus traps a lot of spam. What
is of more technical interest is what they miss. Being suspicious by
nature, it looks to be a bit too much to be a coincidence on occasions.

> Should I care to investigate and maybe reject the entire block? I'm
> pretty new on hunting down sources. All I know is the whois database
> which is mostly useless for that purpose.

There is a nice quirk. Whois the IP. A bad example of the output;

whois 8.19.138.6
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255
The Solo Networks LVLT-SPIRE-4-8-19-136 (NET-8-19-136-0-1) 8.19.136.0 - 8.19.143.255

From this I've blocked the lower line (Solo Networks) and my logs show
overnight attempts from 8.19.136->143 over 100 times a night. That would
be a serious amount of crap in an inbox in the morning.

>
> --
> Arvid
>
>
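
The escalation policy discussed in this message (block the offending /24 straight away, block the whole allocation after hits from 3 separate /24s) written out as an added Python example; it is not code from anyone in the thread. The function names and the offender IPs are constructed for illustration, the two "first - last" ranges are the ones shown in the message, and the output lines follow the "CIDR REJECT" form of the quoted table.

```python
import ipaddress
from collections import defaultdict

# Allocations as whois "first - last" ranges, taken from the message above.
WHOIS_RANGES = [
    ("8.19.136.0", "8.19.143.255"),
    ("67.218.160.0", "67.218.191.255"),
]

def range_to_cidrs(first, last):
    """Convert a whois start/end range into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def build_rules(offenders, whois_ranges=WHOIS_RANGES, threshold=3):
    """Return 'CIDR REJECT' lines: one per offending /24, collapsed to the
    whole allocation once `threshold` distinct /24s inside it have hit."""
    allocs = [c for first, last in whois_ranges
              for c in range_to_cidrs(first, last)]
    by_alloc = defaultdict(set)   # allocation -> offending /24s inside it
    blocks = set()                # final set of networks to reject
    for ip in offenders:
        slash24 = ipaddress.ip_network(f"{ip}/24", strict=False)
        parent = next((a for a in allocs if slash24.subnet_of(a)), None)
        if parent is None:
            blocks.add(slash24)   # no known allocation: block the /24 only
        else:
            by_alloc[parent].add(slash24)
    for alloc, nets in by_alloc.items():
        if len(nets) >= threshold:
            blocks.add(alloc)     # 3 separate /24s: block the whole netblock
        else:
            blocks |= nets
    return [f"{net} REJECT" for net in sorted(blocks)]

# Constructed sample of rejected client IPs (not taken from real logs).
SAMPLE_OFFENDERS = [
    "8.19.136.12", "8.19.138.6", "8.19.138.200", "8.19.141.77",
    "67.218.164.9", "67.218.173.40", "203.0.113.25",
]

if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_OFFENDERS)))
```
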