[SpamCop-List] Advance filtering (spammer to be).

KronaTech pobox.spamcop at kronatech.net
Mon Jun 14 01:50:38 EDT 2004


Just happened to peek at my server logs a little while ago and saw this
relay attempt from 'Microsoft Headquarters in China'... you might want to add
this address to your filters before the next round of spam from this domain.
It's only one of many, I know, but I just happened to see it in my log today
and it passed all the BL checks (including SC) so - here it is...

For those who don't understand the log, the relay seeker is: 218.162.187.23
(hinet.net)

<START>

Sun 2004-06-13 19:54:25: [512:16:1] Accepting SMTP connection from
[218.162.187.23 : 3796]
Sun 2004-06-13 19:54:25: [512:16:1] Looking up PTR record for 218.162.187.23
(23.187.162.218.IN-ADDR.ARPA)
Sun 2004-06-13 19:54:25: [512:16:1] D=23.187.162.218.IN-ADDR.ARPA TTL=(1363)
PTR=[218-162-187-23.dynamic.hinet.net]
Sun 2004-06-13 19:54:25: [512:16:1] Gathering A-records for PTR hosts
Sun 2004-06-13 19:54:25: [512:16:1] D=218-162-187-23.dynamic.hinet.net
TTL=(1408) A=[218.162.187.23]
Sun 2004-06-13 19:54:25: [512:16:1] --> 220 kronatech.net ESMTP MDaemon
6.8.5; Sun, 13 Jun 2004 19:54:25 -0700
Sun 2004-06-13 19:54:25: [512:16:1] <-- HELO 24.71.238.249
Sun 2004-06-13 19:54:25: [512:16:1] --> 250 kronatech.net Hello
24.71.238.249 (may be forged), pleased to meet you
Sun 2004-06-13 19:54:26: [512:16:1] <-- MAIL FROM: <support at microsoft.com>
Sun 2004-06-13 19:54:26: [512:16:1] Performing reverse lookup on
microsoft.com (looking for 218.162.187.23)
Sun 2004-06-13 19:54:26: [512:16:1] D=microsoft.com TTL=(19)
A=[207.46.250.119]
Sun 2004-06-13 19:54:26: [512:16:1] P=010 D=microsoft.com TTL=(15)
MX=[mailc.microsoft.com]
Sun 2004-06-13 19:54:26: [512:16:1] P=010 D=microsoft.com TTL=(15)
MX=[mailb.microsoft.com]
Sun 2004-06-13 19:54:26: [512:16:1] P=010 D=microsoft.com TTL=(15)
MX=[maila.microsoft.com]
Sun 2004-06-13 19:54:26: [512:16:1] D=mailc.microsoft.com TTL=(15)
A=[131.107.3.126]
Sun 2004-06-13 19:54:26: [512:16:1] D=mailb.microsoft.com TTL=(15)
A=[131.107.3.122]
Sun 2004-06-13 19:54:26: [512:16:1] D=maila.microsoft.com TTL=(15)
A=[131.107.3.125]
Sun 2004-06-13 19:54:26: [512:16:1] Spam Blocker is checking 218.162.187.23
(connecting IP)
Sun 2004-06-13 19:54:26: [512:16:1] * relays.ordb.org - passed
Sun 2004-06-13 19:54:27: [512:16:1] * bl.spamcop.net - passed
Sun 2004-06-13 19:54:27: [512:16:1] * sbl-xbl.spamhaus.org - passed
Sun 2004-06-13 19:54:27: [512:16:1] Spam Blocker is finished
Sun 2004-06-13 19:54:27: [512:16:1] --> 250 <support at microsoft.com>, Sender
ok
Sun 2004-06-13 19:54:27: [512:16:1] <-- RCPT TO: <support at microsoft.com>
Sun 2004-06-13 19:54:28: [512:16:1] Sender attempted to deliver message to
unknown address
Sun 2004-06-13 19:54:28: [512:16:1] --> 550 <support at microsoft.com>,
Recipient unknown
Sun 2004-06-13 19:54:28: [512:16:1] Socket connection closed by the other
side (how rude!)
Sun 2004-06-13 19:54:28: [512:16:1] SMTP session abnormally terminated, 90
bytes transferred.

<END>

-K
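
A session like the one in this post can be flagged mechanically. The Python sketch below is an added example, not code from the post or from MDaemon; it assumes the log layout shown above with wrapped lines rejoined, that kronatech.net is the server's only local domain, and that "dynamic" in the PTR name marks a dynamic address pool. The indicator names are made up for this example.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"kronatech.net"}  # assumption: the only domain this server accepts mail for
# Abridged from the log in the post, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Sun 2004-06-13 19:54:25: [512:16:1] Accepting SMTP connection from [218.162.187.23 : 3796]
Sun 2004-06-13 19:54:25: [512:16:1] D=23.187.162.218.IN-ADDR.ARPA TTL=(1363) PTR=[218-162-187-23.dynamic.hinet.net]
Sun 2004-06-13 19:54:25: [512:16:1] <-- HELO 24.71.238.249
Sun 2004-06-13 19:54:27: [512:16:1] <-- RCPT TO: <support at microsoft.com>
Sun 2004-06-13 19:54:28: [512:16:1] --> 550 <support at microsoft.com>, Recipient unknown
"""
LINE = re.compile(r"^\w{3} [\d-]+ [\d:]+: \[([\d:]+)\] (.*)$")  # timestamp, session id, message
ADDR = re.compile(r"<\S+?(?:@| at )([^>\s]+)>")  # the list archive writes "@" as " at "

def find_relay_probes(log_text, local_domains=LOCAL_DOMAINS):
    """Return {connecting_ip: [indicator, ...]} for sessions that look like relay probes."""
    sessions = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if msg.startswith("Accepting SMTP connection from"):
            s["ip"] = re.search(r"\[([\d.]+)", msg).group(1)
        elif "PTR=[" in msg:
            s["ptr"] = re.search(r"PTR=\[([^\]]+)\]", msg).group(1)
        elif msg.startswith(("<-- HELO ", "<-- EHLO ")):
            s["helo"] = msg.split()[2]
        elif msg.startswith("<-- RCPT TO:") and ADDR.search(msg):
            s["rcpt"] = ADDR.search(msg).group(1).lower()
        elif msg.startswith("--> 550") and "rcpt" in s:
            s["rejected"] = True
    findings = {}
    for s in sessions.values():
        hits = []
        helo = s.get("helo", "")
        if re.fullmatch(r"[\d.]+", helo) and helo != s.get("ip"):
            hits.append("helo-ip-mismatch")  # HELO claims a different IP than the socket
        if "dynamic" in s.get("ptr", ""):
            hits.append("dynamic-ptr")  # heuristic, labelled as an assumption above
        if s.get("rejected") and s["rcpt"] not in local_domains:
            hits.append("nonlocal-rcpt-rejected")  # asked us to deliver to someone else's domain
        if hits and "ip" in s:
            findings[s["ip"]] = hits
    return findings

if __name__ == "__main__":
    print(find_relay_probes(SAMPLE_LOG))
```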
