[Sqlgrey-users] hughes.net doesn't play nice with Greylisting
Douglas Mortensen
2012-09-28 18:08:56 UTC
I think the following class C IP block needs added to the global client IP whitelist: 64.98.42.0/24

This is for Hughes.Net, who is a fairly large ISP in the USA. They use a different SMTP server for every reconnect/retry after having been deferred for greylisting. See an example below from my spam filter's logs this week (I have changed the email addresses in order to protect the privacy of the parties involved):

mail.log.0:Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.78: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:48:21
mail.log.0:Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.70: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:48:22
mail.log.0:Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.102: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:55:33
mail.log.0:Sep 27 13:27:51 mailguard sqlgrey: spam: 64.98.42.138: ***@hughes.net -> ***@some-domain.com at 2012-09-26 13:05:13
mail.log.0:Sep 27 13:27:51 mailguard sqlgrey: spam: 64.98.42.125: ***@hughes.net -> ***@some-domain.com at 2012-09-26 13:25:17
mail.log.1.gz:Sep 26 11:21:38 mailguard sqlgrey: spam: 64.98.42.52: ***@hughes.net -> ***@some-domain.com at 2012-09-25 10:55:38
mail.log.1.gz:Sep 26 11:21:38 mailguard sqlgrey: spam: 64.98.42.19: ***@hughes.net -> ***@some-domain.com at 2012-09-25 10:55:45
mail.log.1.gz:Sep 26 11:21:38 mailguard sqlgrey: spam: 64.98.42.86: ***@hughes.net -> ***@some-domain.com at 2012-09-25 11:05:17
mail.log.1.gz:Sep 26 11:21:38 mailguard sqlgrey: spam: 64.98.42.25: ***@hughes.net -> ***@some-domain.com at 2012-09-25 11:15:18
mail.log.1.gz:Sep 26 11:51:41 mailguard sqlgrey: spam: 64.98.42.56: ***@hughes.net -> ***@some-domain.com at 2012-09-25 11:35:17
mail.log.1.gz:Sep 26 12:21:43 mailguard sqlgrey: spam: 64.98.42.95: ***@hughes.net -> ***@some-domain.com at 2012-09-25 12:15:18
mail.log.1.gz:Sep 26 13:25:18 mailguard postfix/smtpd[11067]: NOQUEUE: reject: RCPT from smtprelay0125.b.hostedemail.com[64.98.42.125]: 554 5.7.1 Service unavailable; Client host [64.98.42.125] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?64.98.42.125; from=<***@hughes.net> to=<***@some-domain.com> proto=ESMTP helo=<smtprelay.b.hostedemail.com>
mail.log.1.gz:Sep 26 13:51:59 mailguard sqlgrey: spam: 64.98.42.117: ***@hughes.net -> ***@some-domain.com at 2012-09-25 13:25:16
mail.log.1.gz:Sep 26 14:52:02 mailguard sqlgrey: spam: 64.98.42.64: ***@hughes.net -> ***@some-domain.com at 2012-09-25 14:35:17
mail.log.1.gz:Sep 26 15:52:04 mailguard sqlgrey: spam: 64.98.42.135: ***@hughes.net -> ***@some-domain.com at 2012-09-25 15:45:16
mail.log.1.gz:Sep 26 17:22:13 mailguard sqlgrey: spam: 64.98.42.8: ***@hughes.net -> ***@some-domain.com at 2012-09-25 16:55:16
mail.log.1.gz:Sep 26 18:22:34 mailguard sqlgrey: spam: 64.98.42.77: ***@hughes.net -> ***@some-domain.com at 2012-09-25 18:05:18
mail.log.1.gz:Sep 26 19:22:39 mailguard sqlgrey: spam: 64.98.42.82: ***@hughes.net -> ***@some-domain.com at 2012-09-25 19:15:19
mail.log.1.gz:Sep 26 20:52:52 mailguard sqlgrey: spam: 64.98.42.227: ***@hughes.net -> ***@some-domain.com at 2012-09-25 20:25:17
mail.log.1.gz:Sep 26 21:52:58 mailguard sqlgrey: spam: 64.98.42.223: ***@hughes.net -> ***@some-domain.com at 2012-09-25 21:35:16
mail.log.1.gz:Sep 26 22:53:14 mailguard sqlgrey: spam: 64.98.42.51: ***@hughes.net -> ***@some-domain.com at 2012-09-25 22:45:19
mail.log.1.gz:Sep 27 00:23:30 mailguard sqlgrey: spam: 64.98.42.40: ***@hughes.net -> ***@some-domain.com at 2012-09-25 23:55:17
mail.log.1.gz:Sep 27 01:24:27 mailguard sqlgrey: spam: 64.98.42.144: ***@hughes.net -> ***@some-domain.com at 2012-09-26 01:05:16
mail.log.1.gz:Sep 27 02:25:07 mailguard sqlgrey: spam: 64.98.42.129: ***@hughes.net -> ***@some-domain.com at 2012-09-26 02:15:15

I have added the following to my clients_ip_whitelist.local:

64.98.42 # Hughes.Net uses a pool of IPs for SMTP & retries from a different IP every time. Doesn't work for greylisting.

I suggest everyone else do the same until it is added to the globally updated list.

Thanks,
-
Doug Mortensen
Network Consultant
Impala Networks Inc
CCNA, MCSA, Security+, A+
Linux+, Network+, Server+
A.A.S. Information Technology
www.impalanetworks.com
P: (505) 327-7300
F: (505) 327-7545
Kyle Lanclos
2012-09-28 18:38:49 UTC
Post by Douglas Mortensen:
> I think the following class C IP block needs added to the global client IP
> whitelist: 64.98.42.0/24
You should go by their SPF record instead:

$ dig hughes.net TXT +short
"v=spf1 ip4:64.98.40.0/22 ip4:64.98.36.17/32 include:hughesspf.smtp.com ?all"

--Kyle
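
Added example (not code from either poster or from the SQLgrey project): a Python sketch that finds sender domains whose greylisted attempts arrived from many different client IPs, then checks those IPs against the `ip4:` ranges of the SPF record quoted above and lists each range as three-octet prefixes in the form of the whitelist entry shown in the thread. The function names, the `min_ips` threshold and the `example.org` log line are assumptions made for illustration; `include:` mechanisms are not resolved.

```python
import ipaddress
import re
from collections import defaultdict

# SPF record exactly as quoted in the thread.
SPF = "v=spf1 ip4:64.98.40.0/22 ip4:64.98.36.17/32 include:hughesspf.smtp.com ?all"
# Constructed sample in the log format shown in the thread (last line is invented).
SAMPLE_LOG = """\
Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.78: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:48:21
Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.70: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:48:22
Sep 27 12:57:50 mailguard sqlgrey: spam: 64.98.42.102: ***@hughes.net -> ***@some-domain.com at 2012-09-26 12:55:33
Sep 27 13:27:51 mailguard sqlgrey: spam: 64.98.42.138: ***@hughes.net -> ***@some-domain.com at 2012-09-26 13:05:13
Sep 27 14:00:00 mailguard sqlgrey: spam: 192.0.2.10: ***@example.org -> ***@some-domain.com at 2012-09-26 13:40:00
"""
LINE_RE = re.compile(r"sqlgrey: spam: (\d+\.\d+\.\d+\.\d+): \S*@(\S+) -> ")

def spf_ip4_networks(record):
    """Return the ip4: mechanisms of an SPF record as networks (include: is not followed)."""
    nets = []
    for term in record.split()[1:]:
        mech = term.lstrip("+-~?")  # drop the optional SPF qualifier
        if mech.lower().startswith("ip4:"):
            nets.append(ipaddress.ip_network(mech[4:], strict=False))
    return nets

def rotating_senders(log_text, min_ips=3):
    """Map sender domain -> distinct client IPs, keeping domains seen from >= min_ips IPs."""
    seen = defaultdict(set)
    for m in LINE_RE.finditer(log_text):
        seen[m.group(2).lower()].add(ipaddress.ip_address(m.group(1)))
    return {d: ips for d, ips in seen.items() if len(ips) >= min_ips}

def coverage(ips, networks):
    """Count how many IPs each network contains and list the IPs no network contains."""
    covered = {str(n): sum(ip in n for ip in ips) for n in networks}
    uncovered = sorted(str(ip) for ip in ips if not any(ip in n for n in networks))
    return covered, uncovered

def class_c_prefixes(net):
    """List a network as three-octet prefixes; prefixes longer than /24 have no such form."""
    if net.prefixlen > 24:
        return []
    return [str(s.network_address).rsplit(".", 1)[0] for s in net.subnets(new_prefix=24)]

if __name__ == "__main__":
    nets = spf_ip4_networks(SPF)
    for domain, ips in rotating_senders(SAMPLE_LOG).items():
        print(domain, len(ips), "distinct IPs", *coverage(ips, nets))
    for net in nets:
        print(net, class_c_prefixes(net))
```

On the sample, all four hughes.net client IPs fall inside 64.98.40.0/22, which spans four class C blocks rather than the single 64.98.42 prefix.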
