On Sun, 30 Jun 2002, Adam Henry wrote:
> hi gang,
>
> Noticed something I never have seen before, any thoughts? Have a
> closer look at the IP address of the sender. The only harm I think
> this has done is to create a bounce loop, but should I be
> ultra-responsible and contact the DNS admin for E-Finance Network,
I wouldnt bother. They are clearly spammers, and you wouldnt have much
luck anyway. I can think of no other reason why they would have listed
pointed their MX at a host with an A record of 0.0.0.0 - basically, they
dont want to receive any email, not even bounces.
They want to pump crap upon the Internet and never hear about it again,
except for the morons that actually want to ask them about a mortgage
(for which there've certainly provided in the message some other method
of contact that they can screen responses to and that doesnt give any
clues as to their real identify such as a dropbox on another system, or
a voicemail or fax number)
Someone else mentioned ignore_target_hosts - that would also help if you
do sender_verification, it would prevent you from accepting this message
to begin with, and avoid the problem of being unable to bounce it.
# dig loan-prospects.com mx
;; ANSWER SECTION:
loan-prospects.com. 86291 IN MX 10 loan-prospects.com.
;; ADDITIONAL SECTION:
loan-prospects.com. 3491 IN A 0.0.0.0
> LLC?
>
> thanks,
> hank
>
>
> 17OmWi-0008TM-00 (what started it all):
>
> > 2002-06-30 17:46:36 17OmWi-0008TM-00 <= <> H=localhost
> > (intrepid.marinar.com) [127.0.0.1] P=esmtp S=4475
> > id=E17OmWi-0008TH-00@??? T="Mail delivery failed:
> > returning message to sender" from <> for bxeasyqual@???
> >
> > 2002-06-30 17:46:37 17OmWi-0008TM-00 => bxeasyqual@???
> > F=<> R=lookuphost T=remote_smtp
> > H=loan-prospects.com [0.0.0.0] C="250 OK id=17OmWj-0008TQ-00"
> >
> > 2002-06-30 17:46:37 17OmWi-0008TM-00 Completed
>
> Here is the apparent message's headers:
>
> > Return-path: <bxeasyqual@???>
> > Received: from p17024.net.upc.nl ([212.142.17.24] helo=24.93.200.32)
> > by intrepid.marinar.com with smtp (Exim 3.34 #1 (Debian))
> > id 17OmWf-0008Ss-00
> > for <fryderyka@???>; Sun, 30 Jun 2002 17:46:36 -0400
> > Received: from unknown (189.234.223.231) by rly-xr02.mx.aol.com with
> > esmtp; Jul, 01
> > 2002 2:29:56 PM +0400
> > Received: from [195.98.27.144] by web13708.mail.yahoo.com with smtp;
> > Jul, 01 2002
> > 1:19:34 PM +0400
> > Received: from unknown (77.222.200.106) by rly-xw01.mx.aol.com with
> > SMTP; Jul, 01
> > 2002 12:19:49 PM +0400
> > From: ytgHome Loan Center <bxeasyqual@???>
> > To: Subscribers
> > Cc:
> > Subject: Get the LOWEST Mortgage Rate and $ave like never before
> > possible! ynuo
> > Sender: ytgHome Loan Center <bxeasyqual@???>
> > Mime-Version: 1.0
> > Content-Type: text/html; charset="iso-8859-1"
> > Date: Mon, 1 Jul 2002 14:49:02 -0700
> > X-Mailer: Microsoft Outlook Build 10.0.2616
> > Message-Id: <E17OmWf-0008Ss-00@???>
>
> And here is E17OmWf-0008Ss-00:
>
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 <= bxeasyqual@???
> > H=p17024.net.upc.nl (24.93.200.32) [212.142.17.24] P=smtp S=3134
> > T="Get the LOWEST Mortgage Rate and $ave like never before possible!
> > ynuo" from <bxeasyqual@???> for fryderyka@???
> >
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 **
> > "fryderyka%marinar.com"@??? <fryderyka@???>
> > F=<bxeasyqual@???> R=lookuphost T=remote_smtp: SMTP
> > error from remote mailer after RCPT
> > TO:<"fryderyka%marinar.com"@???>: host
> > webslayer.marinar.com [64.241.86.36]: 550
> > <"fryderyka%marinar.com"@???>... User unknown
> >
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 Error message sent to
> > bxeasyqual@???
> >
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 Completed
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
