xpbargains.net spam [was: Re: 'Broadcom Wireless b/g
smithi at nimnet.asn.au
Fri Dec 10 13:47:38 UTC 2010
In freebsd-questions Digest, Vol 340, Issue 11, Message: 27
On Fri, 10 Dec 2010 00:54:37 -0500
> On Sun, Nov 7, 2010 at 9:54 AM, Paul B Mahol <onemda at gmail.com> wrote:
No, he didn't. These mails are FORGED as being from freebsd-questions
participants, and on first glance may appear to be list postings. They
used to get posted to the list itself also, but postmaster@ blocked the
nuisance source back in August. However that doesn't stop them from
targeting individual list participants, like you.
If you examine the full mail headers, it's likely to have originated
from the following IP address. If so, you just need to block that
address at your mailserver. But if they've moved, we need to know ..
Quoting from a message to postmaster@ in August:
> As Roland pointed out, the phishing/virus/whatever referral has switched
> from downwind.com.au to xpbargains.net, and possibly some others.
> Here's the business:
> % dig +short -x 188.8.131.52
> % dig +short allmail.0b2.net.
> % dig +short dusk.parklogic.com
> If you can discard by Message-ID then every one of these, including the
> privately mailed ones, has @dusk.parklogic.com there.
> If you can block by IP, then that's the one. Or by hostname, every one
> so far has been relayed by allmail.0b2.net (that's a zero).
So if the full headers reveal coming from that hostname or that IP or
any other IP in 184.108.40.206/29, just block that and move on.
If it's a different address range now, please provide the full headers
for the message you received, with a copy to postmaster at freebsd.org
Thanks, Ian (please cc me on any reply, I take this list as a digest)
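
The header checks described in the message above, as an added example that is not part of the original post: a Python sketch that tests a raw message against the three indicators as they are printed on this page. The function name `triage`, the `trusted_hops` parameter and both sample messages (including the `example.org`/`example.net` hosts) are constructed for illustration.

```python
import email
import ipaddress
import re

# Indicators exactly as printed in the message above.
MSGID_DOMAIN = "dusk.parklogic.com"
RELAY_HOST = "allmail.0b2.net"
# strict=False because the range is written with host bits set.
BAD_NET = ipaddress.ip_network("184.108.40.206/29", strict=False)

def triage(raw_message, trusted_hops=1):
    """Return which indicators a raw RFC 5322 message matches.
    Only the top `trusted_hops` Received headers are inspected: those were
    added by your own servers, everything below them is sender-controlled.
    """
    msg = email.message_from_string(raw_message)
    reasons = []
    msgid = (msg.get("Message-ID") or "").strip().strip("<>").lower()
    if msgid.rpartition("@")[2] == MSGID_DOMAIN:
        reasons.append("message-id")
    hops = " ".join(msg.get_all("Received", [])[:trusted_hops]).lower()
    hostnames = {t.strip(".") for t in re.findall(r"[a-z0-9.-]+", hops)}
    if RELAY_HOST in hostnames:
        reasons.append("relay-host")
    for candidate in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops):
        try:
            if ipaddress.ip_address(candidate) in BAD_NET:
                reasons.append("relay-ip")
                break
        except ValueError:  # not a valid IPv4 literal, e.g. octet above 255
            continue
    return reasons

# Constructed sample messages (not real mail).
SAMPLE_FORGED = """\
Received: from allmail.0b2.net (allmail.0b2.net [184.108.40.203])
\tby mx.example.org with ESMTP; Fri, 10 Dec 2010 00:54:40 -0500
Message-ID: <20101210055437.12345@dusk.parklogic.com>

body
"""
SAMPLE_CLEAN = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Fri, 10 Dec 2010 00:54:40 -0500
Message-ID: <20101210055437.67890@example.net>

body
"""
if __name__ == "__main__":
    print(triage(SAMPLE_FORGED), triage(SAMPLE_CLEAN))
```

Set `trusted_hops` to the number of Received lines your own servers add before delivery, so that a forged Received line lower in the message cannot trigger or hide a match.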