_____________________________________________________________________________
Text of message forwarded by NetSide postmaster to Globix contacts of record:
_____________________________________________________________________________

---------- Forwarded message ----------
Date: Fri, 1 Mar 2002 02:03:31 -0500 (EST)
From: Mail Delivery Subsystem
To: root@netside.net
Subject: Returned mail: User unknown

The original message was received at Fri, 1 Mar 2002 02:03:28 -0500 (EST)
from root@localhost

   ----- The following addresses had permanent fatal errors -----
Spam Disposal Unit

   ----- Transcript of session follows -----
... while talking to mx.comstar.net.:
>>> RCPT To:
<<< 551 205.159.140.2: idiots not welcome
550 Spam Disposal Unit ... User unknown

--CAA10441.1014966211/netside.net
Content-Type: MESSAGE/DELIVERY-STATUS
Content-ID:

Reporting-MTA: dns; netside.net
Arrival-Date: Fri, 1 Mar 2002 02:03:28 -0500 (EST)

Final-Recipient: RFC822; abuse-sdu@comstar.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; mx.comstar.net
Diagnostic-Code: SMTP; 551 205.159.140.2: idiots not welcome
Last-Attempt-Date: Fri, 1 Mar 2002 02:03:30 -0500 (EST)

--CAA10441.1014966211/netside.net
Content-Type: MESSAGE/RFC822
Content-ID:

Return-Path: root
Received: (from root@localhost) by netside.net (8.8.8/8.7.3) id CAA10437; Fri, 1 Mar 2002 02:03:28 -0500 (EST)
Date: Fri, 1 Mar 2002 02:03:26 -0500 (EST)
From: "sunny-Admin(0000)"
To: Spam Disposal Unit
cc: hostmaster@globix.net
Subject: Re: [SPAM 205.159.140.2] How Can I order? [t26dm]
In-Reply-To: <1014962332.3854.7.camel@chef.neosouth.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Are you making policy for your company? Then please identify yourself, or at least the role you play at Globix.

Since Globix (OTC:BB GBIX.OB) is a public company on the verge of filing for Chapter 11 bankruptcy protection, and also has pending litigation, it would be in your best interest to first check with your superiors or legal department and try avoiding all negative publicity.

This correspondence will serve as official notification that NetSide Corporation, a Florida ISP since 1995, has responded to your complaint in a polite manner, and has determined that the spam originated elsewhere. We have taken the necessary steps to block the actual address where the spammers operate. As far as we are concerned, the case is closed. It is up to your company to further pursue the spammers with their provider.

We reserve the right to publicize this case and provide evidence to other parties, should you decide to escalate this conflict.

--Postmaster
NetSide Corporation
Tel: 305-531-1995
admin@netside.net

On 1 Mar 2002, Spam Disposal Unit wrote:

> *My* real problem? I have a much better solution: Blocking your class C
> 205.159.140.0/24, since you apparently have no clue about operating a
> secure mail server.
>
> On Thu, 2002-02-28 at 16:45, sunny-Admin(0000) wrote:
> > We have started blocking the two class C's 63.107.246.0/24 and
> > 63.107.247.0/24 as a result of this incident.
> >
> > For details regarding our position on open relays, please visit
> > http://www.dotcomeon.com/
> >
> > The spammers seem to belong to an organized ring. It is not the first
> > time we see the same message, and a documented complaint was filed in
> > each case with their upstream ISP. They were disconnected elsewhere.
> >
> > As they are targeting your customers, your real problem is finding
> > out who they are.
> >
> > --Postmaster
> > NetSide Corporation
> > Tel: 305-531-1995
> > admin@netside.net
> >
> >
> > On 28 Feb 2002, Spam Disposal Unit wrote:
> >
> > > Yes, and your server 205.159.140.2 appears to be an open relay.
> > >
> > > On Thu, 2002-02-28 at 10:16, sunny-Admin(0000) wrote:
> > > > The spam you have received originated on ip 63.107.246.138 in
> > > > NETBLK-UU-63-107-246.
> > > >
> > > > Media Log (NETBLK-UU-63-107-246)
> > > > 325 5th Avenue
> > > > New York, NY 10016
> > > > US
> > > >
> > > > Netname: UU-63-107-246
> > > > Netblock: 63.107.246.0 - 63.107.247.255
> > > > Maintainer: MLOG
> > > >
> > > > Coordinator:
> > > > Sellouk, Marc (MS429-ARIN) marc@COSMOWEB.NET
> > > > (212) 683-8330
> > > >
> > > > Record last updated on 26-Jun-2000.
> > > > Database last updated on 27-Feb-2002 19:57:58 EDT.
> > > >
> > > > traceroute to 63.107.246.138 (63.107.246.138) 30 hops max, 40 byte packets
> > > > [...]
> > > > 7 97.ATM1-0.BR1.ATL5.ALTER.NET (204.255.168.73) 38 ms (ttl=250!) 33 ms (ttl=250!) 29 ms (ttl=250!)
> > > > 8 146.at-6-2-0.XR2.ATL5.ALTER.NET (152.63.80.122) 27 ms 28 ms 27 ms
> > > > 9 0.so-1-0-0.XL2.ATL5.ALTER.NET (152.63.85.193) 28 ms (ttl=248!) 45 ms (ttl=248!) 46 ms (ttl=248!)
> > > > 10 0.so-1-2-0.TL2.ATL5.ALTER.NET (152.63.146.2) 28 ms (ttl=247!) 28 ms (ttl=247!) 28 ms (ttl=247!)
> > > > 11 0.so-1-1-0.TL2.NYC8.ALTER.NET (152.63.0.158) 43 ms (ttl=248!) 43 ms (ttl=248!) 43 ms (ttl=248!)
> > > > 12 0.so-7-0-0.XL2.NYC4.ALTER.NET (152.63.68.117) 44 ms (ttl=248!) 43 ms (ttl=248!) 43 ms (ttl=248!)
> > > > 13 0.so-7-0-0.XR4.NYC4.ALTER.NET (152.63.18.30) 43 ms (ttl=246!) 43 ms (ttl=246!) 43 ms (ttl=246!)
> > > > 14 510.ATM6-0.GW10.NYC4.ALTER.NET (152.63.21.221) 44 ms (ttl=246!) 44 ms (ttl=246!) 44 ms (ttl=246!)
> > > > 15 cosmoweb.net-gw.customer.ALTER.NET (157.130.19.178) 48 ms (ttl=245!) 45 ms (ttl=245!) 48 ms (ttl=245!)
> > > > 16 112-036.cosmoweb.net (208.223.112.36) 43 ms (ttl=53!) 45 ms (ttl=53!) 44 ms (ttl=53!)
> > > > 17 071-062.cosmoweb.net (63.96.71.62) 184 ms (ttl=243!) 240 ms (ttl=243!) 253 ms (ttl=243!)
> > > > 18 63.107.246.138 (63.107.246.138) 228 ms (ttl=115!) 224 ms (ttl=115!) 170 ms (ttl=115!)
> > > >
> > > >
> > > > --Postmaster
> > > > NetSide Corporation
> > > > Tel: 305-531-1995
> > > > admin@netside.net
> > > >
> > > >
> > > > On 28 Feb 2002, Spam Disposal Unit wrote:
> > > >
> > > > > --- This is an automated spam complaint. Direct replies to this message
> > > > > --- might not be noticed. Send inquiries to .
> > > > > --- Additional information follows this message.
> > > > >
> > > > > Return-Path:
> > > > > Received: (qmail 18574 invoked from network); 28 Feb 2002 09:47:03 -0000
> > > > > Received: from unknown (HELO netside.net) (@205.159.140.2)
> > > > >   by mx02.comstar.net with SMTP; 28 Feb 2002 09:47:03 -0000
> > > > > Received: from tlnsk.yahoo.com ([63.107.246.138]) by netside.net (8.8.8/8.7.3) with SMTP id EAA09090; Thu, 28 Feb 2002 04:40:00 -0500 (EST)
> > > > > Date: Thu, 28 Feb 2002 04:40:00 -0500 (EST)
> > > > > From: mytqkpgzsqvwvduh@yahoo.com
> > > > > Message-Id: <200202280940.EAA09090@netside.net>
> > > > > To: juwpbstcinnhajhg@yahoo.com
> > > > > Reply-To: pamelasidebottom538@excite.com
> > > > > Subject: How Can I order? [t26dm]
> > > > > Content-type: text/html; charset=ISO-8859-1
> > > > > X-Mailer: Mozilla 4.7 [en]C-CCK-MCD NSCPCD47 (Win98; I)
> > > > >
> > > > > Accept Credit Carts today!
> > > > >
> > > > > CREDIT CARDS
> > > > >
> > > > > Do you find the whole idea might be overwhelming?
> > > > > Do you find those two words are just too complicated?
> > > > > Worried about all the troubles that could happen?
> > > > >
> > > > > We will make it an Easy, Painless and Profitable
> > > > > Guaranteed to increase your business 50% - 90% Even More
> > > > >
> > > > > We provide EVERYTHING you need to get started.
> > > > > There are different packages to chose from and all are fully customizable.
> > > > > Hardware and Software to suit YOUR needs!
> > > > >
> > > > > Remember we just want to help you make your life a little easier
> > > > >
> > > > > For FREE No obligation Information Just reply with
> > > > > your name, phone number,area code and the time that
> > > > > you would like us to call you, and we will have
> > > > > someone call you back as soon as possible!
> > > > > a representative will contact you shortly.
> > > > >
> > > > > Name :
> > > > > Phone Number : ( )
> > > > > Best Time To Call :
> > > > >
> > > > > If you do not want to receive further mailings or have been inadvertently placed on our mailing list, typing the word REMOVE in the subject. Your address will be removed in 24 hours:
> > > > >
> > > > > mytqkpgzsqvwvduh
> > > > >
> > > > > --- Additional information about the preceding message.
> > > > >
> > > > > Dear postmaster@netside.net admin@sunny.netside.net:
> > > > >
> > > > > You are receiving this automated message because you have been
> > > > > determined to be responsible for 205.159.140.2; if you are an ISP,
> > > > > this host may belong to your customer.
> > > > >
> > > > > The preceding message was received by us from 205.159.140.2. It could not
> > > > > be delivered to the specified recipient, and could not be returned
> > > > > to the given sender. It is probably spam. Possibilities include:
> > > > >
> > > > > 1) 205.159.140.2 is an open SMTP relay.
> > > > > 2) 205.159.140.2 is the smarthost for an open SMTP relay.
> > > > > 3) 205.159.140.2 is relaying correctly for a spamming customer.
> > > > > 4) 205.159.140.2 is the spammer's host.
> > > > > 5) 205.159.140.2 has a broken mailing list with bad envelope sender.
> > > > > 6) 205.159.140.2 will not accept bounces, violates RFC-2505.
> > > > > 7) 205.159.140.2 might be infected by an email virus or trojan.
> > > > > 8) 205.159.140.2 is a mail forwarder; let us know if this is the case.
> > > > >
> > > > > Please check the headers carefully and make your own conclusions.
> > > > > Check your host's relaying status here:
> > > > >
> > > > > check http://openrbl.org/?205.159.140.2
> > > > > test http://www.ordb.org/submit/
> > > > >
> > > > > Current listings: SPAMMY="For FREE"
> > > > >
> > > > > We reserve the right to refuse mail from known open relays, undeliverable
> > > > > addresses, or domains which refuse bounces. Until then, you may receive
> > > > > additional notices. You usually will not receive more than one notice per
> > > > > host in a 24-hr period.
> > > > >
> > > > > How we determined who to contact: If the hostname could be found (PTR),
> > > > > and it resolved to 205.159.140.2, it was used to query whois.abuse.net for
> > > > > the correct complaint address. If there was no PTR, the name in the
> > > > > SMTP greeting, if available, is used if it resolves back to 205.159.140.2.
> > > > > Otherwise, the SOA record was used instead of the hostname. If this failed,
> > > > > mail was sent to postmaster@[205.159.140.2]. If you feel this message has reached
> > > > > you in error, let us know and we'll look into it. Also see
> > > > > http://www.abuse.net.
> > > > >
> > > > > So that you can see the entire path the message took through our
> > > > > system, the original bounce messages are reproduced below.
> > > > >
> > > > > Hi. This is the qmail-send program at comstar.net.
> > > > > I tried to deliver a bounce message to this address, but the bounce bounced!
> > > > >
> > > > > :
> > > > > 64.157.4.82 failed after I sent the message.
> > > > > Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (mytqkpgzsqvwvduh@yahoo.com) - mta626.mail.yahoo.com
> > > > >
> > > > > --- Below this line is the original bounce.
> > > > >
> > > > > Return-Path: <>
> > > > > Received: (qmail 18581 invoked for bounce); 28 Feb 2002 09:47:03 -0000
> > > > > Date: 28 Feb 2002 09:47:03 -0000
> > > > > From: MAILER-DAEMON@comstar.net
> > > > > To: mytqkpgzsqvwvduh@yahoo.com
> > > > > Subject: failure notice
> > > > >
> > > > > Hi. This is the qmail-send program at comstar.net.
> > > > > I'm afraid I wasn't able to deliver your message to the following addresses.
> > > > > This is a permanent error; I've given up. Sorry it didn't work out.
> > > > >
> > > > > :
> > > > > Sorry, no mailbox here by that name (#5.1.1)
> > > > >
> > > > > --- Below this line is a copy of the message.
> > > > > (Message moved to top for your convenience.)
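
Added example, not part of the original correspondence: the Received chain from the complaint quoted above, read oldest hop first, showing both facts the two parties argue over: the message entered at 63.107.246.138 and was passed on by 205.159.140.2. The /24 boundary and the two-label domain comparison are assumptions of this example; headers alone cannot tell an open relay from one serving an authorized customer.

```python
import ipaddress
import re
from email import message_from_string

# Trace headers copied from the complaint quoted above (newest hop on top).
RAW = """\
Received: (qmail 18574 invoked from network); 28 Feb 2002 09:47:03 -0000
Received: from unknown (HELO netside.net) (@205.159.140.2)
  by mx02.comstar.net with SMTP; 28 Feb 2002 09:47:03 -0000
Received: from tlnsk.yahoo.com ([63.107.246.138]) by netside.net (8.8.8/8.7.3) with SMTP id EAA09090; Thu, 28 Feb 2002 04:40:00 -0500 (EST)
From: mytqkpgzsqvwvduh@yahoo.com
To: juwpbstcinnhajhg@yahoo.com

"""

def parse_hop(value):
    """Return the client name, client IP and receiving host of one Received line."""
    name = re.search(r"\bfrom\s+(\S+)", value)
    by = re.search(r"\bby\s+(\S+)", value)
    ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", value)
    if not (name and by and ip):
        return None  # local handoff such as qmail's "invoked from network"
    # The name is whatever the receiving MTA recorded; only the IP is observed.
    return {"name": name.group(1), "ip": ip.group(0), "by": by.group(1)}

def trace(raw):
    """Network hops of a message, oldest first."""
    received = message_from_string(raw).get_all("Received", [])
    hops = [hop for hop in map(parse_hop, received) if hop]
    hops.reverse()
    return hops

def org(host):
    """Last two DNS labels (assumption: good enough for .net/.com names)."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def relay_findings(hops, prefix=24):
    """(origin IP, relay IP, next host) wherever a host passed on outside mail."""
    found = []
    for inbound, outbound in zip(hops, hops[1:]):
        # Assumption: the relay's own network is the /prefix around its address.
        net = ipaddress.ip_network(f"{outbound['ip']}/{prefix}", strict=False)
        outside = ipaddress.ip_address(inbound["ip"]) not in net
        if outside and org(inbound["by"]) != org(outbound["by"]):
            found.append((inbound["ip"], outbound["ip"], outbound["by"]))
    return found

if __name__ == "__main__":
    for origin, relay, nxt in relay_findings(trace(RAW)):
        print(f"{origin} -> {relay} -> {nxt}")
```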