Re: [anti-spam-wg@localhost] I really need your help!

  • To: "Eng.Sherif A.Gurguis" <
    >
  • From: Florian Weimer <
    >
  • Date: Sun, 03 Jul 2005 23:57:26 +0200

* Eng Sherif A. Gurguis:

> Hello everybody
>        I am from EgyNet (AS:20858), and we are assigned the following
> IP blocks: 62.139.0.0/16 and 84.36.0.0/16. Recently, we have been
> receiving complaints from some of our customers in the first block
> that they are facing problems in sending emails as their recepients'
> anti-spam systems reject emails as the source is identifed as a
> spammer. I tried to lookup in the spammer databases available on the
> Web, such as (http://www.rbls.org), but I could not reach any solid
> point.

Well, you certainly have a spam problem.  Maybe some of the ISP folks
on this list can provide some suggestions how to adopt a proactive
approach to spam from your network.  Personally, I'd just use netflow
data and a few Perl script, but this doesn't fit into all
environments.

A couple of examples:

http://www.spamcop.net/w3m?action=blcheck&ip=62.139.196.120
http://cbl.abuseat.org/lookup.cgi?ip=84.36.84.50

I even found too example spam messages from your AS in my inbox:

Return-path: <similar-return-1-fw=deneb.enyo.de@localhost
Envelope-to: fw@localhost
Delivery-date: Wed, 22 Jun 2005 09:43:07 +0200
Received: from [212.9.189.167] (helo=mail.enyo.de)
        by deneb.enyo.de with esmtp (Exim 4.50)
        id 1Dkzt5-0005tG-31
        for fw@localhost Wed, 22 Jun 2005 09:43:07 +0200
Received: from [62.139.232.32] (helo=search.com)
        by albireo.enyo.de with smtp id 1Dkzt4-0007Uq-KU
        for fw@localhost Wed, 22 Jun 2005 09:43:08 +0200
Received: (qmail 14213 invoked by uid 89); 22 Jun 2005 08:19:02 -0000
Mailing-List: contact similar-help@localhost run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <
> List-Help: <
> List-Unsubscribe: <
> List-Subscribe: <
> Reply-To: info@localhost Delivered-To: mailing list similar@localhost Delivered-To: moderator for similar@localhost Received: (qmail 6321 invoked from network); 21 Jun 2005 13:29:56 -0000 Message-ID: 3835-220056221112934187@localhost From: "Understanding The Freight Business" email@localhost To: similar@localhost Subject: =?windows-1256?Q?July_3_%G�%@localhost,_2005:_Understanding_The_Freight_Business?= Date: Tue, 21 Jun 2005 14:29:34 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_13731162125517112934218" Xref: deneb.enyo.de spam:67409 Lines: 35 Return-path: <network-return-2-fw=deneb.enyo.de@localhost Envelope-to: fw@localhost Delivery-date: Thu, 30 Jun 2005 09:51:22 +0200 Received: from [212.9.189.167] (helo=mail.enyo.de) by deneb.enyo.de with esmtp (Exim 4.50) id 1DntpJ-0000PZ-Sp for fw@localhost Thu, 30 Jun 2005 09:51:14 +0200 Received: from [62.139.232.218] (helo=cnn.com) by albireo.enyo.de with smtp id 1Dnj0p-00058L-Di for fw@localhost Wed, 29 Jun 2005 22:18:24 +0200 Received: (qmail 6767 invoked by uid 89); 29 Jun 2005 19:17:39 -0000 Mailing-List: contact network-help@localhost run by ezmlm Precedence: bulk X-No-Archive: yes List-Post: <
> List-Help: <
> List-Unsubscribe: <
> List-Subscribe: <
> Reply-To: info@localhost Delivered-To: mailing list network@localhost Delivered-To: moderator for network@localhost Received: (qmail 593 invoked from network); 27 Jun 2005 12:39:35 -0000 Message-ID: 3835-220056127103913218@localhost From: "Egypt's New Labor Law # 12of the year 2003" tour@localhost To: network@localhost Subject: July 12 - 13, 2005: Egypt's New Labor Law # 12of the year 2003 Date: Mon, 27 Jun 2005 13:39:13 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_203192730052103913234" Xref: deneb.enyo.de spam:67715 Lines: 35