Mails not from me
Christopher Chan
christopher.chan at bradbury.edu.hk
Tue Nov 2 12:39:11 UTC 2010

On Tuesday, November 02, 2010 07:26 PM, Alan Pope wrote:
> Hi,
>
> Looks like someone was trying to send a bunch of spam mail to the
> ubuntu-users list as me.
>
> https://lists.ubuntu.com/archives/ubuntu-users/2010-November/233157.html
>
> It wasn't me or any system I own/administer, broken or otherwise. From
> one of those mails:-
>
> Received: from [175.107.158.213] (helo=dev)
> by chlorine.canonical.com with esmtp (Exim 4.69)
> (envelope-from<alan at popey.com>) id 1PDDtx-0001M8-9o
> for ubuntu-users at lists.ubuntu.com; Tue, 02 Nov 2010 10:15:37 +0000
> Received: from dev (localhost [127.0.0.1])
> by dev (Postfix) with SMTP id 7708995A8540
> for<ubuntu-users at lists.ubuntu.com>;
> Tue, 2 Nov 2010 05:15:32 -0500 (CDT)
>
> Where 175.107.158.213 is:-
>
> k9.ausics.net A 175.107.158.213
>
> Only person I can see using that address on this list is Res.
>
> Received: from k9.ausics.net ([175.107.158.213])
> by chlorine.canonical.com with esmtp (Exim 4.69)
> (envelope-from<res at ausics.net>) id 1Oibgy-0001SE-DD
> for ubuntu-users at lists.ubuntu.com; Tue, 10 Aug 2010 00:23:40 +0100
>
> So I guess he's trying to get me blocked for spam. Nice.
>
> I've blocked that host from mailing this list which should stop the
> mails coming through. Apologies for the disruption.
>
tsk, tsk, never thought Res would sink that low. I wonder if he got
rooted...

hmm...maybe we're jumping to conclusions:

whois 175.107.158.213
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 175.107.128.0 - 175.107.191.255
netname: AUSSIEHQ
descr: AussieHQ Pty Ltd
descr: Internet Communications and Web Hosting Provider
descr: Canberra, Australia
country: AU
admin-c: AN188-AP
tech-c: AN188-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-AU-AUSSIEHQ
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed at apnic.net 20100111
source: APNIC
role: AussieHQ NOC
address: Level 2
address: 92 Northbourne Avenue
address: Braddon ACT 2612
country: AU
phone: +61 2 6163 9393
fax-no: +61 2 6176 2000
e-mail: noc at aussiehq.com.au
trouble: Send abuse and spam reports to abuse at aussiehq.com.au.
trouble: Abuse reports in ARF format should go to
abuse-arf at aussiehq.com.au.
trouble: Please include detailed information and times in UTC.
trouble: AussieHQ does not accept spam reports for messages more
than 7 days old.
admin-c: AN188-AP
tech-c: AN188-AP
mnt-by: MAINT-AU-AUSSIEHQ
changed: noc at aussiehq.com.au 20090920
source: APNIC
nic-hdl: AN188-AP
remarks: http://www.aussiehq.com.au

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16512
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;k9.ausics.net. IN A
ausics.net. 86400 IN MX 100 mx.ausics.net.
ausics.net. 86400 IN MX 0 mail.ausics.net.
ausics.net. 86400 IN MX 50 gallifrey.ausics.net.
mx.ausics.net. 86392 IN A 27.33.160.23
mail.ausics.net. 86384 IN A 27.33.160.23
gallifrey.ausics.net. 86373 IN A 204.152.222.159

Nah, can't be Res can it? The exim version and use of exim is the same
but that netblock was reassigned very recently:
changed: hm-changed at apnic.net 20100111
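
The header comparison made in this thread, as an added example that is not part of either post: it reads the hop recorded by the list's own MTA (the one Received line the sending client cannot write) and reports connecting addresses seen under more than one envelope sender. The function names are hypothetical, and the headers are the ones quoted above, unfolded onto single lines.

```python
import re
from collections import defaultdict

OUR_MTA = "chlorine.canonical.com"  # receiving host in the quoted headers

# Received headers quoted in the thread, unfolded; the archive shows "@" as " at ".
SPAM = [
    "from [175.107.158.213] (helo=dev) by chlorine.canonical.com with esmtp "
    "(Exim 4.69) (envelope-from<alan at popey.com>) id 1PDDtx-0001M8-9o "
    "for ubuntu-users at lists.ubuntu.com; Tue, 02 Nov 2010 10:15:37 +0000",
    "from dev (localhost [127.0.0.1]) by dev (Postfix) with SMTP id 7708995A8540 "
    "for<ubuntu-users at lists.ubuntu.com>; Tue, 2 Nov 2010 05:15:32 -0500 (CDT)",
]
EARLIER = [
    "from k9.ausics.net ([175.107.158.213]) by chlorine.canonical.com with esmtp "
    "(Exim 4.69) (envelope-from<res at ausics.net>) id 1Oibgy-0001SE-DD "
    "for ubuntu-users at lists.ubuntu.com; Tue, 10 Aug 2010 00:23:40 +0100",
]

# "from [ip] ..." or "from name ([ip]) ...", then the stamping host and envelope sender.
HOP = re.compile(r"from\s+(?P<name>[^\s\[(]+)?\s*\(?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
                 r".*?\sby\s+(?P<by>\S+).*?\(envelope-from\s*<(?P<sender>[^>]+)>\)")

def trusted_hop(received, our_mta=OUR_MTA):
    """Topmost hop stamped by our own MTA; anything below it came from the client."""
    for header in received:  # newest header first, as in the message
        m = HOP.match(header)
        if m and m["by"] == our_mta:
            helo = re.search(r"helo=([^\s)]+)", header)
            return {"ip": m["ip"], "name": m["name"], "sender": m["sender"],
                    "helo": helo.group(1) if helo else None}
    return None

def shared_peers(messages):
    """Connecting IPs that delivered mail under more than one envelope sender."""
    seen = defaultdict(set)
    for received in messages:
        hop = trusted_hop(received)
        if hop:
            seen[hop["ip"]].add(hop["sender"])
    return {ip: sorted(s) for ip, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    print(trusted_hop(SPAM))
    print(shared_peers([SPAM, EARLIER]))
```

A shared address ties two deliveries to one connecting host at two dates; who controlled that host on each date is a separate question, which is where the whois and DNS lookups in the reply come in.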