UltraDNS mail admin around?

Mailman List Mirror (Read Only)
1

I'm getting bombarded by these

Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
    mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
    mason_johnn@i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
Message-ID: <000701c847d7$0379bd21$79a237a3@muffejda>

2

Andrey Gordon wrote:

I'm getting bombarded by these

Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
    mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
    mason_johnn@i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
Message-ID: <000701c847d7$0379bd21$79a237a3@muffejda>
From: "Handbags" <andrzej@myrealbox.com>
To: "Replica Watches" <mason_johnn@i2c.com>

<sigh> get a clue

155.33.224.80.in-addr.arpa domain name pointer
80.224.33.155.static.user.ono.com.

randy

3

Randy Bush wrote:

Andrey Gordon wrote:

I'm getting bombarded by these

Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
    mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
    mason_johnn@i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
Message-ID: <000701c847d7$0379bd21$79a237a3@muffejda>
From: "Handbags" <andrzej@myrealbox.com>
To: "Replica Watches" <mason_johnn@i2c.com>

<sigh> get a clue

155.33.224.80.in-addr.arpa domain name pointer
80.224.33.155.static.user.ono.com.

sorry. first cuppa.

was ultra really the next hop?

randy

4

Randy Bush wrote:

Randy Bush wrote:

Andrey Gordon wrote:

I'm getting bombarded by these

Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
    mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
    mason_johnn@i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
Message-ID: <000701c847d7$0379bd21$79a237a3@muffejda>
From: "Handbags" <andrzej@myrealbox.com>
To: "Replica Watches" <mason_johnn@i2c.com>

was ultra really the next hop?

Either Ultradns is Andrey's mail server, or he appears to have left out
his perimeter's Received line. More likely the latter. Without seeing
the final received line, can't tell whether this really went thru UltraDNS.

Many BOTS forge headers. It's not at all unusual to see:

Received: from a by b (b is my server)
Received: from c by d

where d != a. Meaning the second Received line is entirely fabricated.

5

we are actually not using ultraDNS for email. DNS only.
It does awfully close to some local host spamming. tx for the help to y'all