Discussion:
Looking for Clue at Earthlink
(too old to reply)
Rob Szarka
2008-03-24 15:19:16 UTC
Permalink
If someone here is from Earthlink, or knows someone who is, please
get in touch with me off-list. I have a mail-related issue to
resolve. (Sadly the ARIN-listed contact is not valid and mail to
postmaster seems to go into the same black hole as mail to abuse.)

Specifically, the issue relates to the servers in 209.86.89.0/24, in
case anyone here is already aware of an issue with the servers in
this block and can help.
--
Rob Szarka, Bizgrok Inc.
http://bizgrok.com/
860-887-5600
800-954-INET
Barry Shein
2008-03-24 21:31:54 UTC
Permalink
Post by Rob Szarka
If someone here is from Earthlink, or knows someone who is, please
get in touch with me off-list. I have a mail-related issue to
resolve. (Sadly the ARIN-listed contact is not valid and mail to
postmaster seems to go into the same black hole as mail to abuse.)
Specifically, the issue relates to the servers in 209.86.89.0/24, in
case anyone here is already aware of an issue with the servers in
this block and can help.
Do you mean how they're pwned and just spew dictionary attacks?

It comes and goes tho mostly comes.

Mar 24 17:09:37 pcls5 sendmail[23040]: NOUSER: kprice5 relay=elasmtp-junco.atl.sa.earthlink.net [209.86.89.63]
Mar 24 17:18:19 pcls5 sendmail[4351]: accept: 25 elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:18:30 pcls5 sendmail[4351]: NOUSER: kpm relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:18:33 pcls5 sendmail[4351]: NOUSER: kpm1 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:18:36 pcls5 sendmail[4351]: NOUSER: kpm10 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:18:39 pcls5 sendmail[4351]: NOUSER: kpm2 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:18:42 pcls5 sendmail[4351]: NOUSER: kpm3 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Mar 24 17:24:41 pcls5 sendmail[13117]: accept: 25 elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
Mar 24 17:24:51 pcls5 sendmail[13117]: NOUSER: kpr relay=elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
Mar 24 17:24:54 pcls5 sendmail[13117]: NOUSER: kpr1 relay=elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
Mar 24 17:24:57 pcls5 sendmail[13117]: NOUSER: kpr10 relay=elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
Mar 24 17:25:00 pcls5 sendmail[13117]: NOUSER: kpr2 relay=elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
Mar 24 17:25:03 pcls5 sendmail[13117]: NOUSER: kpr3 relay=elasmtp-scoter.atl.sa.earthlink.net [209.86.89.67]
--
-Barry Shein

The World | ***@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
Rob Szarka
2008-03-24 22:14:48 UTC
Permalink
Post by Barry Shein
Post by Rob Szarka
Specifically, the issue relates to the servers in 209.86.89.0/24, in
case anyone here is already aware of an issue with the servers in
this block and can help.
Do you mean how they're pwned and just spew dictionary attacks?
No, that's a problem that I've given up on trying to solve.
Unfortunately, those servers also occasionally send some legitimate
email, and my customers want to receive that, so not receiving email
from those servers is actually a problem despite the welcome respite
from Earthlink spam...

I figured out that the problem has to do with their servers being
very impatient and not wanting to wait for mine to check the RBLs.
Which is, of course, pretty ironic considering how much spam they
spew. You'd think that their servers would shuffle the mail off to
another, more tolerant server, but instead the same server just keeps
retrying it with the same aggressive timeout... *sigh*

Seems as if over the past decade Earthlink and AOL have nearly traded places!
Loading...