Closing the spammer feedback loop

scumbag spammer Robert Soloway

I was looking at a very quiet zoo day for email, and our friends at outlook.com and India (e.g. scammy Microsoft) were abusing email DSN notifications.

We fixed it ala http://www.postfix.org/DSN_README.html

So I am happy*, email marketing professionals not so, but if some of you abuse the clients this is what happens.

I suggest this exploit is worth fixing just to piss off all spammers (including marketing email experts).

*While the zoo’s postfix config dates in places from over ten years ago, it is still good.

opendmarc reporting and extended thoughts

I decided to install some very crappy software to get DMARC reporting (my blog) working and adapted a script from a blog to suit. It works: you import, report and expire the db.

This is a week-long-plus blog post, so I may contradict myself the longer I document stuff.

However, with stuff inbound to the database I got no email reports out, which I can assume is due to an error on my part, the policy not to bother them with strict compliance, or the software being broken.

A brainwave I had on exploring this was that, as a low-traffic host (the zoo is not Gmail), the email we do get is strictly controlled by rules, where Gmail I guess might be lax on, say, spam whereas we are not.

So most of the email dealt with needs no DMARC action.

I will run the import, report and expire once a day and see if DMARC reporting via opendmarc is worthwhile.

Later on, with reports being sent, I observed some issues…

DMARC can be abused by marketing people, and it depends on who runs the report address they specified. Take pure360.com.

(host x.GOOGLE.com[74.125.x.x] said:
450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, please 450-4.2.1 visit 450 4.2.1 – gsmtp (in reply to RCPT TO command))
dmarcreporting@pure360.com

It is amusing to note that they also use gmail.

So DMARC might be mismanaged by some who might know better. Does this mean pure360.com’s DMARC should be ignored? What do you think?

Another retard with dmarc did the below humorous issue – Please note this was collected by dmarc, and sent by dmarc it is not a typo error by a human.

opendmarc-reports: sent report for email3.telegraph.co.uk 
to craig.millar@telegraph.co.uk (2.0.0 Ok: queued as 5F1F4BD6315)

<craig.millar@telegraph.co.uk>: host <host>.google.com[74.125.x.x] said:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient’s email address for typos

Plenty of other idiots exist.

(host eu-smtp-inbound-1.mimecast.com[91.220.42.241] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
dmarc@communicatorcorp.com

Not sure they want DMARC although they request it.

(host eu-smtp-inbound-2.mimecast.com[91.220.42.241] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
rua@rac.co.uk

These appear to go hours and hours later, that is, getting the DMARC report back (rac do send spam), and it pisses off hosts when it reports back. Oh to be a mind reader.

Yet another brainwave I had was that there is no way to block ‘phishing’ emails via opendmarc unless there is a strict policy set up, or unless you search headers for DMARC rules, but that’s down to the MTA or spambotter, not opendmarc. There is an example below.

Routing loops could be a problem, ala I send mail, they send mail, we mail back etc. Have to see on that one. I guess you could turn off reporting, which kind of makes DMARC reporting an odd idea to start with.

In the real world I found out:

One bug I noticed is that if you do not import messages into SQL and then close down opendmarc (say for a kernel upgrade), opendmarc deletes the text file. Not an end-of-the-world issue, but an occasional one.

Another bug I noticed in the 1.3.0 release (1.3.2 is Debian experimental) is that opendmarc-reports will still send email out even if you had a typo in the address or email set in the script (the zoo has four domains).

I noticed as our DKIM signing did not initiate when it should have (my typo).

The SQL data is stored, although it’s not designed for humans to read. The XML reports which it makes, and which we also get from others as the zoo has DMARC, are more human readable.

Microsoft (microshit) are pretty crap at DMARC: their reports leave a lot to be desired due to \n issues.

They also bounce failure – this is pure microshit in action. I perceive this as a bit spammy. It took a little time to sanitize here.

Subject x has left you a private message
From No signature information staff@hotmail.com
To technical_dmarc@zoo
Date Thu 07:46 PM
This is an email abuse report for an email message received from IP 201.217.243.222 on Thu, 19 Jan 2017 11:xx:40 -0800.
The message below did not meet the sending domain’s authentication policy.
For more information about this format please see http://www.ietf.org/rfc/rfc5965.txt.
Subject x has left you a private message
From Signature is not valid ! verified by VMessage
Sender notification+bingxia006@zoo
To REDACTED
Date Thu 04:44 PM
You have 1 new message
Crook

Typical crap from microsoft, it was spamcop proof too

Criminals also have odd DMARC setups. A good example is quantumaccountingservices . net, which is scammy* and returned at time of writing

Host not found, try again

So I guess you’re going to get a lot of domains to ignore.

A problem I have is with multiple domain reporting (say mail.zoo, mail.zoo1 etc). In the Debian 1.3.0 version the first report run for mail.zoo has all the fun; the other opendmarc report scripts run but have nothing to report on. That might be a level of complexity most with one domain and one host never get to see or care about, and might be down to the shit SQL server it uses.

My ADSP and ATPS lines in DNS needed some tweaking, since reporting uses port 25 and I use the other port for outbound mail, which for over a week I failed to comprehend. So this might be a postfix / amavis or some other issue I cannot resolve currently.

The zoo will not be sending reports until we figure out ADSP (my blog), even though the SQL import and expire work.

opendmarc-spam looks interesting, although it is a thought experiment needing a look at the source code to guess how it works.

That’s about it for opendmarc reporting. Tomorrow I will be delving into the science of mind reading** after all it appears to be a required skill with dmarc.

*the hint is in the name. ** i joke

syntax fun with amavis to varying results

As a zoo with four domain names, getting email in and out is fun. Generally SPF will fix issues, and with DKIM and TLS things get quite complex.

One area of failing was amavis, of which one instance inspects mail. Having more than one daemon now [2017] seems impossible; some years ago I had four amavis servers, but attempts to recreate that left an inconsistent mess: sometimes it worked and other times it spewed errors by the dozen.

So it was back to improving the single instance.

But $inet_socket_port can have more than one value with = [10024,100xx,etc];

So one instance might suffice for inbound delivery to amavis.

Outbound paths are done with $forward_method, and this too becomes = ['smtp:127.0.0.1:10025', 'smtp:127.0.0.1:10027']; as opposed to the simple defaults in the amavis config hiding in /etc/amavis/conf.d if you’re Debian based like the zoo.

That seems (Debian stable) to work, but it is not guaranteed: it might, and then again it might go back to the first method.

Amavis with its Perl-like configuration is a learn-the-hard-way experience if you want something extra from it.

Don’t forget those semicolons.

This kind of makes sense, although it is not guaranteed that the plumbing will go to the right output, but a tolerant SPF config allows for that.

I like the one daemon rather than four of them, and while not perfect it will do – a discussion on ATPS will follow, so not finished yet.

A second attempt at opendmarc

Having failed in my first attempt (my blog), I decided to try again. Looking at blogs that confirmed my suspicions that it did not work too well, I looked at how others had got the thing to ‘work’.

The zoo has had DANE, DKIM and other stuff for some time, so I will not be discussing that.

There’s a public suffix list some use which is not included in the Debian packaging, which was fun and indicates that maybe this is a compiled-from-source thing rather than an OS package to install – ala here is one I prepared earlier.

My first day’s attempts seemed to work, but I had socket problems with postfix, and with logging (changing ownership and creating the file), because that is the sort of thing that it probably needs but won’t automatically do.

On my second day I still have no damn clue as to what opendmarc should be doing, and despite my best efforts:

smtpd[*]: warning: connect to Milter service unix:/var/run/opendmarc/opendmarc.sock: No such file or directory

I changed unix to local as specified in /etc/default/opendmarc, making the required change to postfix, and still nothing happened.

It takes an hour or so to get a message from postfix about the broken socket on a not-that-busy mail server, so eventually I went with

 inet:127.0.0.1:54321

in opendmarc.conf, /etc/default/opendmarc and in the correct main.cf, and that seemed to work in version 1.3.0 (current Debian stable version). At time of writing 1.3.1 is Debian testing and 1.3.2 is in experimental, so there’s no reason to expect massive changes down the release cycle.

I just have it running on four mail hosts

Here is what a correct mail log looks like

date* 17:57:49 host opendmarc[1047]: 1XX8BD6310: gmail.com pass
date* 07:30:15 host opendmarc[1047]: 5XX35BD6310: plexiglas.de none
date* 08:24:20 host opendmarc[1047]: 0XX85BD6310: factoringforless.eu none

not seen it

That covers most use cases; if hosts do not have DMARC, hey, that is not my fault.

Errors (or huh) are stated as

opendmarc[*]: *314: unable to parse From header field

So even the dmarc milter has problems with crap email.

For tls signed email

<example.com> SSL

is the response.

If your internal email does not go outbound via a public internet address and then return*, it seems opendmarc bitches and whines like

opendmarc[1047]: 23XXEBD6310: zoo** fail

However, since I route fail2ban email from internal mail to a real email server, those messages seem to be ignored if you do not specify the opendmarc milter in the internal postfix handler we have.

I might have to add ignore hosts to a file (not done) – or fix internal relaying which is what i did
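Detection logic over the log format shown above, as an added example that is not part of the original post: it tallies opendmarc verdicts and singles out failures for the host's own domains and unparseable From headers. The sample lines are constructed, and `zoo.example`, `shop.example` and the function name `summarise` are assumptions.

```python
import re
from collections import Counter

# Shape of the milter lines quoted above:
#   "<timestamp> <host> opendmarc[<pid>]: <queue id>: <domain> <verdict>"
LINE_RE = re.compile(r"opendmarc\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<msg>.+)$")
VERDICT_RE = re.compile(r"^(?P<domain>\S+) (?P<verdict>pass|fail|none)$")
BAD_FROM = "unable to parse From header field"


def summarise(lines, own_domains):
    """Tally verdicts and collect the cases that deserve a human look."""
    own = {d.lower() for d in own_domains}
    report = {
        "verdicts": Counter(),      # totals for pass / fail / none
        "own_domain_fail": [],      # queue ids where our own From domain failed
        "foreign_fail": Counter(),  # failing From domains that are not ours
        "unparsed_from": [],        # queue ids with a broken From header
    }
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if not m:
            continue                # not an opendmarc milter line
        qid, msg = m["qid"], m["msg"]
        if msg == BAD_FROM:
            report["unparsed_from"].append(qid)
            continue
        v = VERDICT_RE.match(msg)
        if not v:
            continue                # some other opendmarc message
        domain, verdict = v["domain"].lower(), v["verdict"]
        report["verdicts"][verdict] += 1
        if verdict != "fail":
            continue
        if domain in own:
            # Either internal mail that skipped the signing path (the case
            # described above) or somebody spoofing the domain from outside.
            report["own_domain_fail"].append(qid)
        else:
            report["foreign_fail"][domain] += 1
    return report


# Constructed sample lines in the format shown above (not real log data).
SAMPLE_LOG = """\
Jan 19 17:57:49 mx1 opendmarc[1047]: 1A28BD6310: gmail.com pass
Jan 20 07:30:15 mx1 opendmarc[1047]: 5B735BD6310: plexiglas.de none
Jan 20 08:24:20 mx1 opendmarc[1047]: 0C985BD6310: shop.example fail
Jan 20 09:02:11 mx1 opendmarc[1047]: 23D1EBD6310: zoo.example fail
Jan 20 09:15:42 mx1 opendmarc[1047]: 7E314BD6310: unable to parse From header field
Jan 20 09:16:03 mx1 postfix/smtpd[2210]: connect from unknown[192.0.2.10]
""".splitlines()

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, {"zoo.example"}).items():
        print(key, value)
```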

I am not sure if I can turn off the rejectfailures option in opendmarc without perhaps some additional postfix plumbing, but that’s my problem not yours, since I am probably doing that the wrong way.

Things I have yet to do: reporting***, and see if the SPF thing is broken in opendmarc – works. But it’s working with postfix.

*i see no point  ** our domains (my blog) are zoo,zoo1,zoo2,zoo3 *** needs mysql (fucking crap software) i will save for another post.

Does the monkey house save the day or will it go wrong, stay tuned for the next episode of opendmarc in draft as we attempt speak with some noteworthy retards with dmarc.

Email for imaginary zoo staff

The monkey house’s email server is quite busy, and to keep it that way the website has some famous video game characters listed in a comment in the HTML, so you’re usually a robot extracting them rather than a carbon-based lifeform with a computer.

It amazes me that people actually email these addresses which do not exist but might because they’re ‘listed’.

China seems to like them and these captains of banana management, and who am I not to keep the spammers happy? I have no idea what was sent to these imaginary zoo employees, but you too can buy them from spammers.

Some spammers get close but make the most amusing mistakes, you know who to email, our imaginary zoo staff will be happy to get your email honest.

Letsencrypt finally figured out (meh)

One afternoon I was bored on a bank holiday and decided to go figure out letsencrypt, of which my previous attempt left much to be desired (my blog).

The domain was using self-signed certs for email and I had no www, and being slightly drunk certainly made a game of it; after all, this has got to work somehow.

This is from Debian backports; I guess I might end up compiling everything if compiled from source. Since I use Debian, let’s try and keep it the Debian way.

I had to do some www config work, listening on 80 and 443 in apache; I also did some DNS redirect diversions a day earlier.

gets worse

Nit pick – the man page for certbot really sucks in formatting: you have to be in FULL SCREEN mode or otherwise the formatting is shit. I smell a gnome developer.

With my config I then experimented until I hit the right command to use with apache, since I have a host that does more than just one website, which is where crappy website hosting will assume that you have only one.

I used

certbot certonly --webroot -w /var/www/<host>/ -d <host>

Which picked up the config rather than assume I have only one IP address.

Anyhow, I eventually got a working certificate (not getting a useless www. is a plus point) after some apache config work and restarts, but guessing where the certs were was the next issue – a google discovered that /etc/letsencrypt/live/<host>/*.pem was the ticket. I never trusted or knew about the automatic apache config mode, and I have no idea if that is for the 2.2 or 2.4 release.

Reconfiguring apache could be a big job for me if it fucks up, as we host more than one website here in the zoo on one computer. I really do not trust certbot to configure things, and I like to know how it works rather than have some stuff I did not set up.

For DANE (my blog) I had to hash the cert.pem – I only really want it for that, not apache. Why I can’t use email to approve this shit like paid certs do is beyond me; if they want an apache config I am willing to oblige, but this is me pushing the average user envelope.

Most people probably reading this probably cannot use tls in email – say gandi clients, or have dkim signed mail unless you buy a high end xen instance and configure it yourself.  tls encryption was a no in the cheapest gandi* offering when i looked.

Letsencrypt works in postfix too once you set cert,ca chain,and private key,  tlsa hashing was successful too a benefit of doing the apache ssl config.

These certs only last three months, so expect a lot of crap in /var/log/letsencrypt from python dumps. Tracking down what generates them is easier said than done, even with cron jobs turned off, although the renewal directory files appear to be adjusted by what I have no idea.

I have now got to write an index html page and a 404 explaining the reason for this bizarre oddity. It’s a make-work scheme, although it will work with the default index.html we all know and love.

Then your renewal – you have to set up a cron entry, and in three months’ time I then have to hash cert.pem once again and change the DNS records.
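The renewal chore described above, as an added example (not the author's script): it builds TLSA record data from a PEM certificate and checks whether a published record still matches after renewal. It goes a step beyond the post by also covering selector 1 (public key only), which keeps matching as long as the key pair is retained, whereas a hash of the whole certificate (selector 0) changes every time. All function names are assumptions, and the sample input is a pair of constructed, unsigned certificate skeletons.

```python
import base64
import hashlib
import re

def pem_to_der(pem):
    """Decode the first certificate in PEM text (cert.pem holds only the leaf)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        start, length = pos + 2, first
    else:                                  # long form: next n bytes are the length
        n = first & 0x7F
        start = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def extract_spki(der):
    """Return the DER bytes of subjectPublicKeyInfo from an X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, cert_start)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                            # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    # What is left, in order: serial, sig alg, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("unexpected certificate layout")
    return fields[5]

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}    # TLSA matching types

def tlsa_rdata(pem, selector=0, mtype=1, usage=3):
    """TLSA rdata text; selector 0 = whole certificate, 1 = public key only."""
    der = pem_to_der(pem)
    if selector not in (0, 1) or mtype not in HASHES:
        raise ValueError("unsupported selector or matching type")
    data = der if selector == 0 else extract_spki(der)
    return f"{usage} {selector} {mtype} {HASHES[mtype](data).hexdigest()}"

def still_valid(published, pem):
    """True if a published TLSA record still matches the certificate in pem."""
    parts = published.split()
    usage, selector, mtype = (int(p) for p in parts[:3])
    digest = "".join(parts[3:]).lower()    # zone files may split the hex
    return tlsa_rdata(pem, selector, mtype, usage).split()[3] == digest

# --- constructed sample: unsigned certificate skeletons, not real certificates ---
def _tlv(tag, content=b""):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def constructed_cert(serial, key_bytes):
    """PEM text with X.509 layout: given serial, empty names, given key bytes."""
    spki = _tlv(0x30, _tlv(0x30) + _tlv(0x03, b"\x00" + key_bytes))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, bytes([serial]))
               + _tlv(0x30) * 4 + spki)
    der = _tlv(0x30, tbs + _tlv(0x30) + _tlv(0x03, b"\x00"))
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def renewal_demo():
    """Same key, new serial: which published records survive the renewal?"""
    key = bytes(range(200))
    old, new = constructed_cert(1, key), constructed_cert(2, key)
    return {
        "3 0 1 survives": still_valid(tlsa_rdata(old, 0, 1), new),
        "3 1 1 survives": still_valid(tlsa_rdata(old, 1, 1), new),
    }

if __name__ == "__main__":
    print(renewal_demo())
```

For a real check, pass the text of /etc/letsencrypt/live/<host>/cert.pem and the record data currently in DNS to `still_valid()`.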

The cron scheduling may or may not be available with basic or average hosting.

I suppose it is better than self signed.

This, I suppose, is not how your average website would usually get a TLS cert, but the monkey house is not constrained like you lot with one IP address, a virgin domain name and a strange version of DNS, email and hosting.

Works here though setting hsts (my blog)  to three months is deemed ‘bad’ by some.

*gandi is a hosting firm not an indian

Dead letter abuse boxes (or an end to dmarc probers)

One day they just stopped, and since most of them are in China* it’s been boring on the DMARC (my blog) front ever since.

However, since reporting abuse to China does not work except for ‘special’ people, it can be said that many Chinese ISPs colluded. Any American reading this should comprehend that China is not Russia.

Of other countries, Vietnam has one attempt and the US a couple, so either they’re spoofing somebody without DMARC, which is something I would have done months ago, or the thing that controlled it is down, rather than looking an idiot once a day like China did.

I still have the data and can firewall it in seconds, the dmarc records still exist and are permanent and so I will only now report on the latest attempts and correlate with previous behaviour.

Latterly I have also caught amazon (yes the big retailer)  trying 24 attempts in one day via ec2 (my blog) – so maybe this year will be the year that the us wins the gold medal in dmarc probes over china with quantity from single hosts.

I am sure you are all looking forward to these posts.  Exciting stuff

*both HK and mainland.

even more dmarc fun

China wins again as top spoofer (my blog). Exciting stuff this, honest, and since the quantity outweighs the more interesting single entries (these are all crooks and scammers) and they have been mentioned before, let’s admire the Chinese trying again and again.

It’s a shame we know but they still don’t know. Don’t tell them please.

I like dmarc

Fun blocking facebook mail

Facebook (or its ‘users’*) were trying to send something to a made-up email address. So I decided to block Facebook mail. Why? Because I can.

I deployed the mallet (my blog)

ip route show | grep 69.171;ip route show | grep 66.220

I hope you find this informative if you’re getting undeliverable crap from Facebook via email.

Another Facebook-like name is ghostforfacebook (my blog). They’re worth banning too.

*i would guess crooks.