From owner-freebsd-isp  Mon May 25 14:30:55 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA08546
          for freebsd-isp-outgoing; Mon, 25 May 1998 14:30:55 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from roble.com (roble.com [207.5.40.50])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA08541
          for <isp@freebsd.org>; Mon, 25 May 1998 14:30:52 -0700 (PDT)
          (envelope-from sendmail@roble.com)
Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id OAA05640; Mon, 25 May 1998 14:30:32 -0700 (PDT)
Date: Mon, 25 May 1998 14:30:32 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: Karl Pielorz <kpielorz@tdx.co.uk>
cc: isp@FreeBSD.ORG
Subject: Re: SMTP Relay probing - Should I follow up - advice?
In-Reply-To: <199805251511.IAA02882@hub.freebsd.org>
Message-ID: <Pine.SUN.3.96.980525135111.5127J-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 25 May 1998, Jonathan M. Bresler wrote:
> 	why dont you tell su where the scans came from
> 	we can all block connects from that range of ip addresses,
> 	if it proves to be a spammers dedicated ip address range

We see these from time to time too.  The most you can do without risk
of over-reacting is follow-up with a note to the upstream provider.
Typically they'll have an "abuse" account i.e., abuse@mci.net
specifically for this.

If that doesn't stop the probing then it's only due diligence to add
them to your filters, either within sendmail 8.85+ or at the router
(you DO have both don't you?).

Here are a few worthy of note:

	141.63.64.94   phf hacker, scanner
	199.203.214    Elron Technologies (NETBLK-ELRON-C-BLK1)
	202.217.200    INTELLIGENT TELECOM INC, ad.jp
	204.157.255    Harris Marketing (NETBLK-SAVOYNET-BLK-204-157), AGIS/Net99
	205.231.112    UUNET Technologies, Inc. (NETBLK-UUNETCBLK228)
	205.240.148    Phoenix Data Systems (NETBLK-SPRINT-CDF097)
	206.50.195     DMPL Infomart - Dallas (NETBLK-ONRAMP-DMPL) ONRAMP-DMPL
	207.14.174.51  Globalkey, Inc. (NETBLK-SPRINT-CF0EAF)
	208.199.92.16  Publicity Providers, Inc. (NETBLK-UU-208-199-92)

Roger Marquis


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message