Hi all, is anyone else seeing a constant stream of spam **again** emanating
from Orcon ?
( now added to "hosts.deny" )
Received: from dbmail-mx1.orcon.co.nz (loadbalancer-VIP.orcon.net.nz
by *removed* (8.12.8/8.12.8) with ESMTP id h8H63EcG011226
for <*removed*>; Wed, 17 Sep 2003 18:03:34 +1200
Received: from 22.214.171.124 ([126.96.36.199])
by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id
for <*removed*>; Wed, 17 Sep 2003 18:02:25 +1200
Received: from uvd.cixzx.net (HELO jk0) ([188.8.131.52]) by 184.108.40.206
id <2581790-60199> for <*removed*>; Wed, 17 Se
p 2003 14:54:17 +0600
From: "Iris Oliver" <q2djix5co3u(a)eguo.com>
Reply-To: "Iris Oliver" <q2djix5co3u(a)eguo.com>
Subject: Develop a Larger Penis in Weeks
Received: from dbmail-mx3.orcon.co.nz (loadbalancer-VIP.orcon.net.nz
by *removed* (8.12.8/8.12.8) with ESMTP id h8H5UvcG011061
for <*removed*>; Wed, 17 Sep 2003 17:30:58 +1200
Received: from modemcable084.162-202-24.hull.mc.videotron.ca
by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id
for <*removed*>; Wed, 17 Sep 2003 17:29:45 +1200
Received: from [220.127.116.11]
Wed, 17 Sep 2003 00:27:00 -0600
From: "Brianna Avery" <25mypdms(a)gateway.com>
Reply-To: "Brianna Avery" <25mypdms(a)gateway.com>
Subject: *removed* male enhancement patch 3 qchywrehm
Does anybody have a workaround. for .nz MX records
I would not have thought it would have been possible
to break the MX DNS for a .NZ via a .com fuckup.
I would think it can be fitted domestically untill the
.com situation is sorted, it is afterall in the .nz
--- MAILER-DAEMON(a)yahoo.com wrote:
> Date: 16 Sep 2003 23:46:40 -0000
> From: MAILER-DAEMON(a)yahoo.com
> To: axpunix(a)yahoo.com
> Subject: failure delivery
> Message from yahoo.com.
> Unable to deliver message to the following
> 18.104.22.168 does not like recipient.
> Remote host said: 550 User domain does not exist.
> Giving up on 22.214.171.124.
> --- Original message follows.
> Return-Path: <axpunix(a)yahoo.com>
> Received: from [126.96.36.199] by
> web13601.mail.yahoo.com via HTTP; Tue, 16 Sep 2003
> 16:46:40 PDT
> Date: Tue, 16 Sep 2003 16:46:40 -0700 (PDT)
> From: Stephen Sheehan <axpunix(a)yahoo.com>
> Subject: test
> To: erkel(a)eaudio.co.nz
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
I support what ever can be done to bring Verisign into line...
I have reviewed the link (above) showing the dramatic effect of Verisigns
"e-jack" and wonder whether there may be a parallel to the similar situation
were Worldcom highjacked telephone traffic in the US to route it via Canada
in order to "deceive and defraud AT&T into paying termination fees."
Doesn't this action unnecessarily generate revenue and costs for networks
which send and receive traffic to/from verisign.com site... Who is winning
here anyone besides Verisign...
From: Keith Davidson [mailto:email@example.com]
Sent: Wednesday, September 17, 2003 08:30
Subject: Re: [nznog] Email for domains hosted by 2day.com
> Was thinking more about ICANN, actually. There doesn't appear to be any
> mechanism to guard against the mistake that affected 2day.com. I realise
> it's .com we're talking about, but it did affect .nz users as well.
What Veri$ign wants, ICANN provides - and I've never seen the reverse occur.
> Is it really a good idea to have a single point of failure like this?
NZNOG mailing list
Isn't there a requirement for registrants in .nz to provide accurate
Does that look like a NZ phone number?
Then there's waiariki.ac.nz, which was joe-jobbed by a spammer recently.
The registrant and admin email bounces.
You have to vote first. Then after some time, (Server must be slow), you get a
popup window with the results.
> Where do you go to see the current figure?
> On Wednesday, September 17, 2003, at 03:30 PM, Michael Hallager wrote:
> > Done. He is at 95% disapproval rating now.
> >> http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html
> >> Let's give him a 1% approval rating for September.
> > Michael Hallager
> > Managing Director
> > Networkstuff Limited
> > URL: http://www.networkstuff.co.nz
> > Networkstuff, NZ's leading supplier of high quality used networking
> > equipment.
> > E-Mail: michael @ networkstuff.co.nz
> > Member of the NZ Open Source Society.
> > Member of the Auckland VHF Group.
> > Amateur radio callsign: ZL1VMH.
> > _______________________________________________
> > NZNOG mailing list
> > NZNOG(a)list.waikato.ac.nz
> > http://list.waikato.ac.nz/mailman/listinfo/nznog
Networkstuff, NZ's leading supplier of high quality used networking equipment.
E-Mail: michael @ networkstuff.co.nz
Member of the NZ Open Source Society.
Member of the Auckland VHF Group.
Amateur radio callsign: ZL1VMH.
In message <Pine.WNT.4.55.0309172044160.696@den3>, Juha Saarinen writes:
>On Wed, 17 Sep 2003, Keith Davidson wrote:
>> If someone of a technical nature wanted to draft up something more
>> useful than a moan at ICANN / Verisign, I'd be happy to mobilise
>> InternetNZ to take the issue further.
>Most of the techie stuff should be conveniently there in Google/Froups.
I think the point was that someone technical write it up in a single
document which InternetNZ can then put forward -- that has the best
chance of ensuring nothing gets overlooked and no one gets the wrong end
of the stick through not being experienced with all the hands-on
And if nothing else it's probably useful to have a single document to
wave at people saying "these are all the bad things you've caused by
>> Hey folks.
>> Anyone who's using Exim 4 might want to take a look at this:
> I haven't used dnsdb before (seems very useful) -- can you explain a
> how the condition works?
An explanation of dnsdb can be found at
The condition quite simply uses the lookup expansion via dnsdb to look
up the a record for $sender_address_domain (ie the domain name of the
sender address). If there is a successful lookup it returns the value
of the lookup (ie the resolved address) or simply an empty string if
the lookup failed (this stops exim throwing an error). It then
compares the result with the string "188.8.131.52". If they match it
returns true, and thus the ACL declines the message, otherwise false.
Note that I am not actually using this condition myself because I wrote
a condition using SQL to check against a whole bunch of addresses
instead, but I figured some people here would be less fortunate :)
Director, Giant Robot Ltd
ha ha - great - quick off the mark.
can crank the bit rate a bit i'm thinking - as long as the boss doesn't
get to unhappy.
Mike Cooper [Actrix Support] wrote:
> On it ;-)
> Had just been bitching about the crappy range of shoutcast servers
> available about 10 mins ago :-)
> Mike Cooper - Actrix Support
> m.cooper(a)actrix.co.nz <mailto:firstname.lastname@example.org>
> Phone: 0800 228-749
> Fax: (04) 801 5335
> www.actrix.co.nz <http://www.actrix.co.nz>
> ----- Original Message -----
> From: Gavin Legge [Invincible Technologies Limited]
> To: nznog(a)list.waikato.ac.nz <mailto:email@example.com>
> Sent: Wednesday, September 17, 2003 7:11 PM
> Subject: [nznog] shamelessly off topic
> For all of us poor New Zealand sysadmin's needing NZ music to 'keep the
> internet running by' try http://gavweb.dts.net.nz:8000
> Ok, it's only a baby server (only 5 at a time please - don't fight!)
> it's just proof of concept for now. (part of gavland.co.nz)
> plenty of interesting NZ music for all.
> I know - looks like a shameless plug but really just trying to point
> some traffic at the poor old 100mhz 586. see if it breaks. I truly
> hope not.
> NZNOG mailing list
> NZNOG(a)list.waikato.ac.nz <mailto:NZNOG@list.waikato.ac.nz>