SORBS Scanning (unauthorized)
Dean Anderson
dean at av8.com
Fri Apr 1 00:40:23 UTC 2005
Ok, lets get back on topic: (some cisco config for network operators:)
SORBS is relay testing again (see bounce below). BTW: for those networks
that only feel comfortable blocking illegal activity, this is a violation
of CAN-SPAM, because the message forges email headers, which is banned.
You can access list the scanners by the following:
access-list 104 deny ip 203.15.51.42 0.0.0.31 any
Its more effective to block the DNS servers for the blacklist:
access-list 104 deny ip host 194.109.9.11 any
access-list 104 deny ip host 194.134.35.168 any
access-list 104 deny ip host 194.134.35.204 any
access-list 104 deny ip host 204.152.186.189 any
access-list 104 deny ip host 203.15.51.34 any
access-list 104 deny ip host 209.209.1.20 any
access-list 104 deny ip host 209.142.2.10 any
access-list 104 deny ip host 194.134.64.74 any
access-list 104 deny ip host 128.193.0.30 any
access-list 104 deny ip host 128.193.0.130 any
Date: Wed, 30 Mar 2005 16:48:17 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON at unspecified-domain>
To: postmaster at unspecified-domain, spamtest at citation.av8.net
Subject: Returned mail: Local configuration error
The original message was received at Wed, 30 Mar 2005 16:44:45 -0500
from goliath.sorbs.net [203.15.51.42]
----- The following addresses had permanent fatal errors -----
<@[130.105.12.3]:relays at sorbs.net>
----- Transcript of session follows -----
554 <@[130.105.12.3]:relays at sorbs.net>... Local configuration error
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
More information about the NANOG
mailing list