nanog mailing list archives

Re: att.net email issues?

From: just me <matt () snark net>
Date: Fri, 24 Jan 2003 15:27:56 -0800 (PST)



No kidding, dude. I've only been keeping track for a few weeks. Is
anyone awake behind the wheel over there?


matt@pants:~$ mysql -e 'select count(relayi) from logged where relayi
like "12.%" ' spam
+---------------+
| count(relayi) |
+---------------+
|           249 |
+---------------+


matt@pants:~$ mysql -e 'select relayi, reason, count(relayi) from
logged where relayi like "12.%" group by relayi' spam
+----------------+----------+---------------+
| relayi         | reason   | count(relayi) |
+----------------+----------+---------------+
| 12.102.22.196  | honey    |             1 |
| 12.129.205.43  | accessdb |             3 |
| 12.129.205.45  | accessdb |             2 |
| 12.129.205.46  | accessdb |             7 |
| 12.129.205.47  | norev    |             6 |
| 12.129.205.48  | norev    |             4 |
| 12.129.205.49  | norev    |             1 |
| 12.129.205.50  | accessdb |            15 |
| 12.129.205.51  | honey    |             4 |
| 12.129.205.52  | accessdb |             4 |
| 12.129.205.53  | accessdb |            20 |
| 12.129.205.54  | honey    |             1 |
| 12.129.205.56  | norev    |             2 |
| 12.129.205.57  | norev    |             3 |
| 12.129.205.58  | honey    |             1 |
| 12.129.205.59  | accessdb |             3 |
| 12.129.205.60  | accessdb |             2 |
| 12.129.205.64  | honey    |             2 |
| 12.129.205.65  | honey    |             1 |
| 12.129.205.66  | accessdb |             4 |
| 12.129.205.69  | honey    |             1 |
| 12.129.205.72  | accessdb |             5 |
| 12.129.205.73  | honey    |            16 |
| 12.129.205.74  | accessdb |             2 |
| 12.129.205.75  | honey    |             1 |
| 12.129.205.77  | norev    |             3 |
| 12.129.205.79  | accessdb |             3 |
| 12.129.205.80  | accessdb |             4 |
| 12.129.205.82  | accessdb |             3 |
| 12.129.248.238 | honey    |             2 |
| 12.149.217.151 | norev    |             1 |
| 12.158.240.216 | honey    |             2 |
| 12.158.240.217 | honey    |             2 |
| 12.158.240.218 | honey    |             1 |
| 12.158.240.220 | honey    |             1 |
| 12.158.240.221 | honey    |             8 |
| 12.158.240.229 | honey    |             3 |
| 12.158.240.230 | honey    |             4 |
| 12.158.240.235 | honey    |             5 |
| 12.158.240.239 | honey    |             6 |
| 12.158.240.240 | honey    |             8 |
| 12.158.240.243 | honey    |            22 |
| 12.158.240.244 | honey    |             6 |
| 12.158.240.245 | honey    |             1 |
| 12.158.240.246 | honey    |             1 |
| 12.158.240.247 | honey    |             2 |
| 12.158.240.248 | honey    |            12 |
| 12.158.240.249 | honey    |            12 |
| 12.158.240.250 | honey    |             6 |
| 12.159.132.222 | norev    |             1 |
| 12.212.72.51   | honey    |             2 |
| 12.213.23.167  | honey    |             1 |
| 12.216.30.71   | honey    |             1 |
| 12.220.84.48   | honey    |             1 |
| 12.224.62.72   | accessdb |             1 |
| 12.226.245.54  | honey    |             1 |
| 12.228.91.107  | honey    |             1 |
| 12.229.146.148 | honey    |             1 |
| 12.231.251.35  | honey    |             1 |
| 12.238.242.248 | honey    |             1 |
| 12.240.177.92  | honey    |             1 |
| 12.241.6.116   | norev    |             1 |
| 12.246.54.76   | accessdb |             1 |
| 12.246.80.126  | honey    |             1 |
| 12.252.68.65   | honey    |             1 |
| 12.30.168.18   | honey    |             1 |
| 12.33.19.133   | honey    |             1 |
| 12.41.24.90    | honey    |             1 |
+----------------+----------+---------------+


On Fri, 24 Jan 2003 kai () pac-rim net wrote:


  On 1/24/2003 at 2:40 AM, owner-nanog () merit edu wrote:


  > Chris at UUNet help determine this is a rDNS issue.  att.net seems to have
  > started rejecting email from mail servers that don't have a proper reverse
  > DNS entry.  This is a good thing, even though it is causing me some problems
  > at the moment.  Thanks Chris.

  > -Jim P.

  The question is: is that a knee-jerk reaction to them getting clobbered by
  spam, or maybe a knee-jerk reaction for receiving "too much" mail ABOUT
  their customers to abuse () att net ?

  Example: 12.158.240.0/23, 12.42.172.0/22, 12.158.224.0/23, 12.158.234.0/23,
  12.158.236.0/23:

  Jan 24 16:11:03 sonet sendmail[11117]: NOQUEUE: ruleset=check_relay, arg1=if1.dlyforyourinfo.com, 
arg2=12.158.240.237, relay=if1.dlyforyourinfo.com [12.158.240.237], reject=550 NETBLOCK for CBB/cotennet.com - access 
for jpmailer.com denied - perpetual mail to non-existing users - Spammers must die.

  Upon complaint re: this spamhaus continuing to connect here:

  The original message was received at Fri, 24 Jan 2003 16:11:09 -0500 (EST)
  from root@localhost

     ----- The following addresses had permanent fatal errors -----
  abuse () att net

     ----- Transcript of session follows -----
  ... while talking to gateway2.att.net.:
  <<< 550 208.241.101.2 must be verifiable in DNS
  ... while talking to gateway3.att.net.:
  >>> QUIT
  <<< 550 208.241.101.2 must be verifiable in DNS
  ... while talking to gateway1.att.net.:
  >>> QUIT
  <<< 550 208.241.101.2 must be verifiable in DNS
  554 abuse () att net... Service unavailable

  (a temporary failure due to renumbering)
  Rejecting on broken or non-existing DNS will probably reject mail from
  more than 15% of all mail servers on the Internet - guaranteeing a
  false positive rate not even matched by the combined 6 DNSBL's I
  use - cumulative and with hard 5xx rejects. AT&T on the other hand,
  will use DNSBL's when the first snowball emerges from hell unscathed.

  Makes you wonder if noc () att net is missing a lotta mail today -
  "gee, za eanternet w0rcks zplend1d todey, duznt eet!" -
  think of http://www.despair.com/ap24x30prin.html :)

  Last but not least, Level3's tolerance of spamming customers has nothing
  on AT&T's ignorance of reports of DoS attacks in the form of address forgery
  committed by their spamming customers, or on behalf of said customers, despite
  notifying them by fax of such activity. That, and the mindless blather
  you receive back from abuse () att net on very rare occasions when you complain
  about their customers hitting your spamtraps (dead users, rejects):
  "please forward the header and full body of the spam you received".

  Next: "please call 1-900-ATT-ABUSEDESK, get charged $5 for the call,
  and use the authorization code given to you in the subject line of
  your complaint to guarantee that your message is not shoved into /dev/null"



--mghali () snark net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

Current thread:

att.net email issues? Jim Popovitch (Jan 23)
- RE: att.net email issues? Jim Popovitch (Jan 23)
  - RE: att.net email issues? Andy Dills (Jan 24)
  - Re: att.net email issues? kai (Jan 24)
    - Re: att.net email issues? just me (Jan 24)
    - Re: att.net email issues? Sean Donelan (Jan 24)
    - Re: att.net email issues? Jack Bates (Jan 24)
    - Re: att.net email issues? Chris Adams (Jan 24)
    - Re[2]: att.net email issues? Richard Welty (Jan 24)
    - Re: att.net email issues? kai (Jan 27)
    - Re: att.net email issues? just me (Jan 27)
  - RE: att.net email issues? Jim Popovitch (Jan 24)
- <Possible follow-ups>
- RE: att.net email issues? Jack McCarthy (Jan 24)