Any way...the problem was eluded to before, in fact the listings that caused this problem have always been there:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13918.html
We shouldn't be trusting ISP mail servers. If isolated instances like this aren't enough, consider that others such as swbell.net have been tagged as a multistage open relay, and it appears that this might be correct based on the following:
http://groups.google.com/groups?scoring=d&q=151.164.30.28+group:*abuse*
That server has been relaying spam since July of 2000, and the reports might be attributed to this server also handling forwarding. I have to look at this further, but I want to go and play with my choo-choo train and Tickle Me Elmo that Santa brought me. The presents that the spammers brought me won't be opened until tomorrow :)
Matt
R. Scott Perry wrote:
I just noticed a caught spam that shows the Web-O-Trust filter being triggered. This is the filter that I think Bill posted after running the program on the site.
Have you checked the filter file to see what IP range matched? The two things to look for are [1] the site that listed the IP (if there is a rogue site, we all need to know -- this is pretty quick for a spammer to get into it), and [2] a poor IP range (someone accidentally adding "192.0.2.0/8", confusing /24 and /8), which would whitelist too large an area.
-Scott
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
