Re: [exim] Odd hostname found in logs.

Author: Wakko Warner
Date:  
To: exim-users
Subject: Re: [exim] Odd hostname found in logs.
Andrew - Supernews wrote:
> >>>>> "Wakko" == Wakko Warner <wakko@???> writes:
>
> Wakko> 2007-10-07 21:17:30 no IP address found for host
> Wakko> spam.complaints.(888)292-3827.alltel.senior.support.ticket#2-940727661
> Wakko> (during SMTP connection from [216.96.39.144] I=[<removed>]:25)
>
> Wakko> Has anyone seen entries like this before?
>
> Of course, though the particular text in that one (which is from the
> PTR record for 216.96.39.144) seems a little bit unusual.


It was odd that the 2nd time that IP connected, there was no rDNS PTR at
all.

> All it's telling you is that the PTR record for that IP didn't resolve
> back to an IP address.


I understand this.

> Wakko> (I did remove my local host's IP from the line above. I'm not
> Wakko> asking for support, just asking if anyone else has any similar
> Wakko> entry)
>
> Plenty of spam attempts in my log from that IP, which is also listed in
> CBL (and hence Spamhaus XBL and Zen), Spamcop and PSBL. It's clearly
> infected with the Storm malware and sending spam in large quantities
> (and has been doing so for at least several days).


I don't check RBLs if there's no valid rDNS, I just defer (in case there's a
DNS problem).

> What Alltel or whoever think they're trying to achieve with that rDNS
> entry is a complete mystery to me, though.


As it is to me as well. I posted this for comments about the name that was
returned. I thought that ( ) and # weren't allowed in hostnames.

--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???
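
Added example, not part of the original message or of Exim: a small Python check that pulls the PTR name and peer address out of the log line quoted in the thread and tests each label against RFC 952 / RFC 1123 host name syntax. The function names and regular expressions are assumptions made for this illustration; the log line is the one from the thread, joined onto one line.

```python
import re

# Log line quoted in the thread, joined onto one line (local address as posted).
LOG_LINE = (
    "2007-10-07 21:17:30 no IP address found for host "
    "spam.complaints.(888)292-3827.alltel.senior.support.ticket#2-940727661 "
    "(during SMTP connection from [216.96.39.144] I=[<removed>]:25)"
)

# Hypothetical pattern for this one message type; not taken from Exim's source.
NO_IP_RE = re.compile(
    r"no IP address found for host (?P<name>\S+) "
    r"\(during SMTP connection from \[(?P<peer>[^\]]+)\]"
)

# RFC 952 / RFC 1123 host name label: letters, digits and hyphen only,
# no hyphen at either end. The DNS protocol itself accepts other octets in a
# label, which is how a PTR record can carry a name like the one above.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def check_hostname(name):
    """Return (label, reason) for every label that breaks host name syntax."""
    problems = []
    stripped = name[:-1] if name.endswith(".") else name
    if len(stripped) > 253:
        problems.append((name, "name longer than 253 characters"))
    for label in stripped.split("."):
        if not label:
            problems.append((label, "empty label"))
        elif len(label) > 63:
            problems.append((label, "label longer than 63 characters"))
        elif not LABEL_RE.fullmatch(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            reason = ("illegal characters: " + " ".join(bad)) if bad \
                else "leading or trailing hyphen"
            problems.append((label, reason))
    return problems


def audit_log_line(line):
    """Return (peer_ip, ptr_name, problems), or None if the line does not match."""
    m = NO_IP_RE.search(line)
    if m is None:
        return None
    return m.group("peer"), m.group("name"), check_hostname(m.group("name"))


if __name__ == "__main__":
    print(audit_log_line(LOG_LINE))
```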