Anybody else seeing a truly massive uptick in backscatter spam today? I'm getting killed right now.

Notta lot on the work side of things...
But my personal server... whoa begeezuz!
--
greg@gregfolkert.net PGP key 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C

that's good. Looks like a lot of mail servers have been compromised by someone; from what I can see most of the hosts sending me this stuff are legit mail servers.
Wish people would learn to keep up with their patches. And yeah... oh shit is about the right way to put it. It's completely off the hook out there today. Edit: I might add, from what I see, looks like mostly Postfix and Microsoft, with a sprinkling of Exim.

and Exim are usually used as forwarders... I'm betting that is the case you are seeing, as I'm seeing them being used as "smart hosts" for things not handle-able by "Microsoft stuff" (just saying), whereas the ESMTP stuff I'm seeing from Microsoft servers seems to have the header all coming from it or directly clients of it. (AKA Exchange servers for companies).
I'm seeing a lot lot lot lot of "hosted" Exchange servers... this exacerbates the issue. One fer instance: "Wholesale Internet" (AS32097) hosts a TON of subs like: AS33387 Schedeline Prospere... http://whois.arin.ne...T-204-12-225-64-1 I saw multiple e-mail servers... backscatter spam from that block. I believe many hosted systems are a put-in-and-forget setup. Yeah it sucks.
--
greg@gregfolkert.net PGP key 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C

from that block as well. Lots from China, Taiwan, Russia, Brazil too. But it's the North American ones that really suck; we have to score them low and there are fewer choke points between them and us to slow them down.