dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
701
share rss forum feed


sm5w2
Premium
join:2004-10-13
St Thomas, ON

Direct-to-MX (port 25) spam received from Bell IP space

Last friday, the mail server at $Dayjob (ISP = TS) received a spam from 184.144.186.182 (bas1-steustache35-3096492726.dsl.bell.ca) which based on previous data I have should belong to dynamically-assigned residential DSL space (I know for a fact that 184.144.x.x maps to IP addresses in Windsor ON within the past few weeks).

This is the first such receipt of a direct-to-mx (port-25) e-mail by our server from the 184.144 net-block going back 10+ years of log history.

This posting is just to alert any Bell techs of this event (no - I don't really want to post/repost this in the direct-support forum).

I thought that Bell did port-25 out-bound blocking for residential IP space... ?



ChuckcZar

@teksavvy.com

Might have been a false positive.

Expand your moderator at work


squircle

join:2009-06-23
Oakville, ON
reply to sm5w2

Re: Direct-to-MX (port 25) spam received from Bell IP space

The proper way to report this kind of thing is to abuse@sympatico.ca and abuse@bellnexxia.net, not here.



sm5w2
Premium
join:2004-10-13
St Thomas, ON

> The proper way to report this kind of thing is to
> abuse@sympatico.ca and abuse@bellnexxia.net, not here.

My intent was to ask the question "Doesn't Bell block port 25 for residential customers?" - and by way of asking, point out the incident to those whom it may concern (which has been accomplished by way of PM).

Now, if the IP address turns out to not be part of a dynamic pool, then my idea that /16 net-blocks are the smallest-size blocks that Bell assigns for one purpose or another (residential vs commercial, dynamic vs static) must be incorrect.



zed173

join:2010-07-17
Mississauga, ON

Yes they do, however what about the hostname that you posted (bas1-steustache35-3096492726.dsl.bell.ca) tells you that's residential or business?



sm5w2
Premium
join:2004-10-13
St Thomas, ON

> what about the hostname that you posted tells you that's residential or business?

It's not the host-name that's relevant (at least not for any IP's that bell doesn't allow the owner to have their own rDNS entry for).

In this case, the suspect IP belongs to the same /16 netblock (184.144.0.0/16) that I know has also contained the IP address for a residential legacy "Sympatico HSE" customer in Windsor as recently as a month ago.


13868542

join:2013-01-05
reply to sm5w2

The better question is: Who cares.

Spam is a part of life. Blacklist the IP on your mail server and move on.