Advice (slightly off topic)
gjohnson at eduprise.com
Wed Feb 6 13:43:14 UTC 2002
I need a little advice and I figured this group would probably know
as well as any (if not better) of a possible solution.
Here's my problem. I own a domain (trantor.org) which it would appear
that someone in Argentina is trying to use. This seems the case because
I've started getting losts of bounces on my postmaster account and doing
reverse lookups and a little other digging I was able to track it down
to a cablevision provider there. They are using fibretel.com.ar's mail
servers (best I can tell they have 4; 126.96.36.199-164) so I can't be
sure. However, I've tried doing a whois and had no luck (just got a
referal to use http://www.nic.ar which really was less than helpful).
While I don't mind just deleting the email (although it is annoying)
I've started getting mail to root at trantor.org that is output from some
sort of cron job that gives me quite a bit of information that they most
likely would need for themselves (such as LIDS output). I've also
noticed that they are starting to get a few more users (since I also get
the scripts the run give the contents of /etc/passwd). I can only
forsee this problem growing larger.
My question for you guys is: What can I do about this without any really
apparent way of getting in touch with these folks (short of trying to
send a snailmail, maybe)? (I'm not that familiar with all the aspects of
dig as I've primarily used nslookup, but I'm learning)
On a positive note, they appear to have fixed their reverse lookups
which I can only assume has to do with all the bounces the ISP's
postmaster was getting from me (since I use postfix and it tends to
disallow any mail that it can't reverse lookup).
Sorry for the length of this.
-=* I'm sorry if doing things correctly offends you. *=-
More information about the bind-users