1. Forum
  2. Usenet
  3. COMP.MAIL.MISC

  • spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks

    From Ivan Shmakov@21:1/5 to All on Thu Nov 10 17:10:23 2016
    XPost: news.admin.net-abuse.email

    Ivan Shmakov <[email protected]> writes:

    [...]

    All the unwanted mail I saw before came from the 13 networks below,
    which I've thus added to my 'rejectnet' set:

    185.5.248.0/22 from AS: 48666 (upstreams: 12389 9002),
    185.58.204.0/22 from AS: 48666 (upstreams: 12389 9002),
    185.87.48.0/22 from AS: 48666 (upstreams: 12389 9002),
    185.117.152.0/22 from AS: 48666 (upstreams: 12389 9002),
    185.125.216.0/22 from AS: 48666 (upstreams: 12389 9002),
    193.106.96.0/22 from AS: 48666 (upstreams: 12389 9002),
    193.124.176.0/20 from AS: 48666 (upstreams: 12389 9002),
    194.67.192.0/23 from AS: 48666 (upstreams: 12389 9002),
    194.67.194.0/24 from AS: 48666 (upstreams: 12389 9002),
    194.67.196.0/22 from AS: 48666 (upstreams: 12389 9002),
    194.67.200.0/21 from AS: 48666 (upstreams: 12389 9002),
    194.67.208.0/20 from AS: 48666 (upstreams: 12389 9002),

    This has worked quite well until yesterday, when I've got yet
    another message, this time from 95.46.99.0/24 (AS201094), very
    similar to those I was getting from the MAROSNET networks.

    I've mailed abuse at gmhost dot com dot ua, but seen no reply as
    of yet. The hosts were thus added to my 'dropemall' set; while
    the network (/24) made it straight to 'rejectnet'.

    2016W45 [email protected] [95.46.99.232]
    [email protected] [95.46.99.233]

    FTR, there were a couple more messages with similar Message-ID:
    values (/^[0-9A-Z]{32}@/) that came from other networks; namely:

    2016W44 [email protected] [219.121.225.37]
    2016W42 [email protected] [202.113.96.4]

    And just in the case someone gets curious, here's a partial
    list of IPv4 addresses that were recently denied access to
    TCP port 25 at my MX, in reverse chronological order.

    ## IPv4 days rDNS
    94.142.140.44 0 vector2000.ru.
    193.124.180.212 0 alpaper.ru.
    194.67.198.162 0 raskat-servis.ru.
    194.67.198.174 0 mmaweb.ru.
    194.67.198.180 0 news40.ru.
    194.67.213.188 0 kama-pv.ru.
    194.67.213.192 0 lesaltai.ru.
    185.58.205.61 1 wapmag.ru.
    194.67.198.169 1 100euro.ru.
    194.67.213.187 1 teko-pskov.ru.
    194.67.213.190 1 fenecair.ru.
    194.67.199.166 2 gazon72.ru.
    194.67.213.189 2 ra-mart.ru.
    185.5.250.180 3 warfilm.ru.
    194.67.199.162 3 mmtours.ru.
    185.87.48.120 7 sks26.ru.
    185.87.48.203 7 mp3mw.ru.
    185.87.51.60 7 flat-ice.ru.
    193.124.183.150 7 free.marosnet.net.
    194.67.213.186 7 tono-int.ru.
    185.5.250.20 8 market-ur.ru.
    193.124.181.229 8 free.marosnet.net.
    194.67.198.197 8 da-lite.ru.
    194.67.210.197 8 btforum.ru.
    194.67.210.202 8 threeality.ru.
    194.67.210.205 8 brook-bond.ru.
    194.67.211.112 8 f-plast.ru.
    194.67.212.211 8 dialint.ru.
    194.67.212.188 9 gummail.ru.
    194.67.213.191 9 ecc-inok.ru.

    [...]

    --
    FSF associate member #7257 np. Dream Raga -- Jami Sieber 3013 B6A0 230E 334A

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)