Paradise is a Spammer site..??

Discussion in 'NZ Computing' started by Gregory Parker, Dec 4, 2003.

  1. Here is part of the reject message


    Your message cannot be delivered to the following recipients:

    Recipient address:
    Reason: Server rejected MAIL FROM address.
    Diagnostic code: smtp;550 5.0.0 <>... NOVOMETRIX.COM
    REACTOR IDS - ACCESS DENIED - spammers
    Remote system: dns;smtp.ad-flow.com
    (TCP|202.0.58.22|52860|168.143.107.227|25)
    Gregory Parker, Dec 4, 2003
    #1
    1. Advertising

  2. "Gregory Parker" <> wrote in message
    news:...
    >
    >
    >
    > Here is part of the reject message
    >
    >
    > Your message cannot be delivered to the following recipients:
    >
    > Recipient address:
    > Reason: Server rejected MAIL FROM address.
    > Diagnostic code: smtp;550 5.0.0 <>...

    NOVOMETRIX.COM
    > REACTOR IDS - ACCESS DENIED - spammers
    > Remote system: dns;smtp.ad-flow.com
    > (TCP|202.0.58.22|52860|168.143.107.227|25)


    I've got one return-to-sender once and contacted the webmaster on the
    destination server. He said that Paradise was listed as source of false
    virus alarm - and the e-mail notifications sent back were flooding their
    system, so they blocked the entire domain :(

    Now, you should have had the addresses changed in your original message -
    now these poor people will suffer with more spam. Hope it wasn't your
    intention.

    --
    Mauricio Freitas
    mobility, wireless, handhelds: http://www.geekzone.co.nz
    Mauricio Freitas, Dec 4, 2003
    #2
    1. Advertising

  3. Gregory  Parker

    Shannon Guest

    On Thu, 04 Dec 2003 13:00:23 +1300, Gregory Parker
    <> wrote:

    >Here is part of the reject message
    >
    >
    >Your message cannot be delivered to the following recipients:
    >
    > Recipient address:
    > Reason: Server rejected MAIL FROM address.
    > Diagnostic code: smtp;550 5.0.0 <>... NOVOMETRIX.COM
    >REACTOR IDS - ACCESS DENIED - spammers
    > Remote system: dns;smtp.ad-flow.com
    >(TCP|202.0.58.22|52860|168.143.107.227|25)


    Hmm... the bounce you got is a bit on the vague side - normally they
    should have more information than *that*.

    But anyway, it appears Paradise are listed on various databases as
    sending out spam. Checking the specific address mentioned -
    202.0.58.22 shows:

    That's listed on SORBS as an explicit spam source.

    http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?js&IP=202.0.58.22

    and on monestead.dk

    http://moensted.dk/spam/no-more-funn/?addr=202.0.58.22

    and in the polish (?) spam.wytnij.to database

    http://spam.wytnij.to/search.php?l=eng (and manually type in the IP
    202.0.58.22 )

    Note that this particular site shows the captured spam - their example
    shows a paradise.net.nz customer, it seems to be lithoprint.co.nz,
    acting as an open relay accepting spam from the spammer and forwarding
    it on to paradise who then send it out. (Needless to say, 61.11.54.99
    the original source of this spam, is not a genuine yahoo address and
    is itself listed on many spam source lists)

    Another DNSBL says they're a multi-level-open-relay

    http://www.five-ten-sg.com/blackhole.php?202.0.58.22

    Which would agree with what spam.wytnij.to is showing.

    And finally, the dnsstuff.com meta list for this IP (Not itself a
    blocklist, but a display of other blocklists):

    http://www.dnsstuff.com/tools/ip4r.ch?ip=202.0.58.22

    Sooo.. yeah, paradise.net.nz customers may have their email blocked
    until this situation is resolved.
    Shannon, Dec 4, 2003
    #3
  4. Gregory  Parker

    bruce Guest

    so i had a look for & found my domain name (ip) on that site, there is
    only one active mail account within my domain, mine, i know i'm not
    interested in sending out spam because i dont sell anything but still i'm
    getting a load of "undeliverables" from lowlife's trying to sell viagara
    etc who are spoofing their mail with my domain.

    it appears the only thing to do is grin & bear it, i guess
    i'm lucky that all the undeliverables are coming from aol and none of my
    friends use that.

    how long will it be before the internet as we know it becomes unusable
    because of spam....



    On Thu, 04 Dec 2003 17:26:10 +1300, Shannon wrote:

    >
    > That's listed on SORBS as an explicit spam source.
    >
    > http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?js&IP=202.0.58.22
    >
    > and on monestead.dk
    >
    > http://moensted.dk/spam/no-more-funn/?addr=202.0.58.22
    >
    bruce, Dec 4, 2003
    #4
  5. Gregory  Parker

    steve Guest

    Gregory Parker allegedly said:

    >
    >
    >
    > Here is part of the reject message
    >
    >
    > Your message cannot be delivered to the following recipients:
    >
    > Recipient address:
    > Reason: Server rejected MAIL FROM address.
    > Diagnostic code: smtp;550 5.0.0 <>...
    > NOVOMETRIX.COM
    > REACTOR IDS - ACCESS DENIED - spammers
    > Remote system: dns;smtp.ad-flow.com
    > (TCP|202.0.58.22|52860|168.143.107.227|25)


    Paradise is on at least one black list. My brother's ISP - cogeco.ca -
    bounces all mail sent via paradise.

    But mail sent from my own mail server at home (on paradise cable) works
    fine.

    --
    Best Regards,
    Steve Withers
    defenestrate: The act of throwing Windows out the window and replacing it on
    your PC with some other operating system.
    steve, Dec 4, 2003
    #5
  6. Gregory  Parker

    Shannon Guest

    On Thu, 04 Dec 2003 21:03:37 +1300, bruce <> wrote:

    >so i had a look for & found my domain name (ip) on that site, there is
    >only one active mail account within my domain, mine, i know i'm not
    >interested in sending out spam because i dont sell anything but still i'm
    >getting a load of "undeliverables" from lowlife's trying to sell viagara
    >etc who are spoofing their mail with my domain.


    Your domain name, or your IP? I presume you really mean IP as these
    databases only list IP addresses - not domain names at all. If you're
    talking about 203-118-168-235.adsl.ihug.co.nz, that's not listed in
    even the SORBS DUL. I'm not clear on what your situation is - do you
    have your own machine, or are you using the services of a hosting
    company? If you have your own machine, are you talking about that
    machine's IP?

    (It's just that most of those lists will not list an IP unless that IP
    is activly sending out spam, or is an open proxy or an open relay,
    making me wonder you might have an open proxy or open relay issue)

    >it appears the only thing to do is grin & bear it, i guess
    >i'm lucky that all the undeliverables are coming from aol and none of my
    >friends use that.


    There are two possibilites that are happening. Firstly, you're being
    "joe jobbed" - so called from the joe.com domain that was the first
    victum of this sort of attack. Secondly, your mail server is in fact
    an open relay - and if you're listed on certainly blacklists,
    especially http://www.ordb.org/ , you are an open relay. (Some mail
    software is dumb and will relay mail if the spammer forges your domain
    name into the from address, which could be happening.)

    >how long will it be before the internet as we know it becomes unusable
    >because of spam....


    Slashdot talked of companies heading back to snail mail and paper to
    get rid of spam... drastic, but I can imagine for some smaller
    companies it would be worth it. :-(
    Shannon, Dec 4, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gregory  Parker

    Contant Problems with Paradise & this Web site..

    Gregory Parker, Nov 26, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    307
    Gregory Parker
    Nov 26, 2003
  2. K & S

    Site not working with Paradise.net

    K & S, Jan 8, 2004, in forum: NZ Computing
    Replies:
    3
    Views:
    391
    K & S
    Jan 8, 2004
  3. Brett Dale
    Replies:
    1
    Views:
    292
    -{-astrae-}-
    Oct 11, 2004
  4. Brett Dale

    More on paradise spammer/hacker

    Brett Dale, Oct 11, 2004, in forum: NZ Computing
    Replies:
    4
    Views:
    311
    Ross Dawson
    Oct 12, 2004
  5. SteveB
    Replies:
    0
    Views:
    3,140
    SteveB
    Mar 26, 2009
Loading...

Share This Page