Kris
New Member
I avoid making new topics. But while Biloh is at WHT spouting bullshit about cleaning up, spam is getting worse.
When migrating and setting up a new server tonight that had spam issues previously, I had SpamHaus and BarracudaCentral enabled and decided to see what got through if it needed further tweaking.
First spam to slip through? The new IP collector AS of ColoCrossing, B2 Net Solutions - now featuring almost 250,000 IPs!
Guess they had issues getting new IPs on their other ASN
Still collecting, I see them in the ARIN lists for getting new prefixes.
http://bgp.he.net/AS55286#_prefixes
2014-07-30 17:19:49 1XCe64-000471-Cj <= [email protected] H=26.sonnexes.us (amarned.us) [23.229.57.X]:53518 P=esmtp S=3136 [email protected] T="FHA refinance: it may help you save money" for
Guess they're shifting things to the new IP collecting brand & ASN to get off Spamhaus's bad graces under their normal ASN.
By the way, if you wonder why they don't mind spammers? Not the spam, per se. They're simply info gathering to justify to ARIN / give customer names. Probably a /29 request for each or more.opcorn:
Hint: They need all the names they can to get more IPs from ARIN, duh.
Saving time and asking for the client's authorization to simply block both ASN's outright to solve their spam issue.
Nothing of value resides on that network, it's like avoiding a bad area of Detroit... or Chicago IMO.
As I was wrapping this post up, take a guess at the second source that slipped through under Spamhaus and Barracuda Networks RBL?
ColoCrossing CC-12 (NET-192-227-128-0-1) 192.227.128.0 - 192.227.255.255
New Wave NetConnect, LLC CC-192-227-244-224-27 (NET-192-227-244-224-1) 192.227.244.224 - 192.227.244.255
I hate you guys. I really fucking do.
Signed,
Everyone Not In a Business Relationship With You
When migrating and setting up a new server tonight that had spam issues previously, I had SpamHaus and BarracudaCentral enabled and decided to see what got through if it needed further tweaking.
First spam to slip through? The new IP collector AS of ColoCrossing, B2 Net Solutions - now featuring almost 250,000 IPs!
Guess they had issues getting new IPs on their other ASN
Still collecting, I see them in the ARIN lists for getting new prefixes.http://bgp.he.net/AS55286#_prefixes
2014-07-30 17:19:49 1XCe64-000471-Cj <= [email protected] H=26.sonnexes.us (amarned.us) [23.229.57.X]:53518 P=esmtp S=3136 [email protected] T="FHA refinance: it may help you save money" for
Guess they're shifting things to the new IP collecting brand & ASN to get off Spamhaus's bad graces under their normal ASN.
By the way, if you wonder why they don't mind spammers? Not the spam, per se. They're simply info gathering to justify to ARIN / give customer names. Probably a /29 request for each or more.
opcorn: Hint: They need all the names they can to get more IPs from ARIN, duh.
Saving time and asking for the client's authorization to simply block both ASN's outright to solve their spam issue.
Nothing of value resides on that network, it's like avoiding a bad area of Detroit... or Chicago IMO.
As I was wrapping this post up, take a guess at the second source that slipped through under Spamhaus and Barracuda Networks RBL?
ColoCrossing CC-12 (NET-192-227-128-0-1) 192.227.128.0 - 192.227.255.255
New Wave NetConnect, LLC CC-192-227-244-224-27 (NET-192-227-244-224-1) 192.227.244.224 - 192.227.244.255
I hate you guys. I really fucking do.
Signed,
Everyone Not In a Business Relationship With You
