Date: Sat, 11 Dec 2010 00:47:33 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Chris Brennan <xaero@xaerolimit.net> Cc: freebsd-questions@freebsd.org Subject: xpbargains.net spam [was: Re: 'Broadcom Wireless b/g (BCM4315/BCM22062000)'] Message-ID: <20101211002225.D61647@sola.nimnet.asn.au> In-Reply-To: <20101210060704.A3B641065783@hub.freebsd.org> References: <20101210060704.A3B641065783@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 340, Issue 11, Message: 27 On Fri, 10 Dec 2010 00:54:37 -0500 > On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol <onemda@gmail.com> wrote: No, he didn't. These mails are FORGED as being from freebsd-questions participants, and on first glance may appear to be list postings. They used to get posted to the list itself also, but postmaster@ blocked the nuisance source back in August. However that doesn't stop them from targetting individual list participants, like you. If you examine the full mail headers, it's likely to have originated from the following IP address. If so, you just need to block that address at your mailserver. But if they've moved, we need to know .. Quoting from a message to postmaster@ in August: > As Roland pointed out, the phishing/virus/whatever referral has switched > from downwind.com.au to xpbargains.net, and possibly some others. > > Here's the business: > > % dig +short -x 64.38.11.26 > allmail.0b2.net. > % dig +short allmail.0b2.net. > 64.38.11.26 > % dig +short dusk.parklogic.com > 64.38.11.26 > > If you can discard by Message-ID then every one of these, including the > privately mailed ones, has @dusk.parklogic.com there. > > If you can block by IP, then that's the one. Or by hostname, every one > so far has been relayed by allmail.0b2.net (that's a zero). So if the full headers reveal coming from that hostname or that IP or any other IP in 64.38.11.26/29, just block that and move on. If it's a different address range now, please provide the full headers for the message you received, with a copy to postmaster@freebsd.org Thanks, Ian (please cc me on any reply, I take this list as a digest)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101211002225.D61647>