Oct
22

Kuopion Liikekirjapaino: hitting dead addresses, no bounce processing, not respecting opt-out

Kuopion Liikekirjapaino, a business printing house in eastern Finland, is spamming addresses they just might know to have been dead for two plus years and are not taking “no” for an answer. Innoctus, an ESP in Finland, are not processing bounces nor taking precautions to clean their customers’ lists of known dead addresses even when they have been requested to do so.

Spamming IPs: 188.117.45.169, 188.117.45.171 (October 10), 188.117.45.169, 188.117.45.173 (October 19)

On October 10, the sender attempted to send some commercial/bulk email to a number of addresses.  Some succeeded, some failed because the target address was unknown. Postfix log of delivery to this direction:

Oct 10 13:46:25 myhostname postfix/smtpd[14350]: connect from cmail1.innoctus.com[188.117.45.169]
Oct 10 13:46:25 myhostname postfix/smtpd[14350]: NOQUEUE: reject: RCPT from cmail1.innoctus.com[188.117.45.169]: 550 5.1.1 <SoFarUnknown@atro.fi>: Recipient address rejected: User unknown in local recipient table; from=<info@kuopionliikekirjapaino.fi> to=<SoFarUnknown@atro.fi> proto=ESMTP helo=<cmail1.innoctus.com>
Oct 10 13:46:25 myhostname postfix/smtpd[14350]: disconnect from cmail1.innoctus.com[188.117.45.169]

Oct 10 13:52:03 myhostname postfix/smtpd[14363]: connect from cmail3.innoctus.com[188.117.45.171]
Oct 10 13:52:03 myhostname postfix/smtpd[14363]: A4DE2794DCB: client=cmail3.innoctus.com[188.117.45.171]
Oct 10 13:52:03 myhostname postfix/cleanup[14367]: A4DE2794DCB: message-id=<20111010105203.85A0C180339@www3.innoctus.com>
Oct 10 13:52:03 myhostname postfix/smtpd[14363]: disconnect from cmail3.innoctus.com[188.117.45.171]
Oct 10 13:52:03 myhostname postfix/qmgr[2795]: A4DE2794DCB: from=<info@kuopionliikekirjapaino.fi>, size=7566, nrcpt=1 (queue active)
Oct 10 13:52:03 myhostname postfix/local[14368]: A4DE2794DCB: to=<MyLocalSpamBox>, orig_to=<AlreadyKnown@atro.fi>, relay=local, delay=0.16, delays=0.1/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail)
Oct 10 13:52:03 myhostname postfix/cleanup[14367]: C0162794DCC: message-id=<20111010105203.85A0C180339@www3.innoctus.com>
Oct 10 13:52:03 myhostname postfix/qmgr[2795]: C0162794DCC: from=<info@kuopionliikekirjapaino.fi>, size=7710, nrcpt=1 (queue active)
Oct 10 13:52:03 myhostname postfix/local[14368]: A4DE2794DCB: to=<AlreadyKnown@atro.fi>, relay=local, delay=0.22, delays=0.1/0.01/0/0.1, dsn=2.0.0, status=sent (forwarded as C0162794DCC)

A very comprehensive opt-out message was sent to the sending address, the sending domain’s postmaster and abuse, and the abuse, postmaster and CEO of the sending ESP, Innoctus, on Monday, October 10, 2011. There are no RFC-Ignorant listings as a result, and nothing in the mailer-daemon folder, and the mail logs show the messages were delivered.

Postfix log for opt-out delivery:

Oct 10 14:53:28 myhostname sendmail[14757]: p9ABrRKF014757: to=anne.penttinen at innoctus.fi,tietosuoja at om.fi,postmaster@innoctus.com,abuse@innoctus.com,abuse@kuopionliikekirjapaino.fi,postmaster@kuopionliikekirjapaino.fi,info@kuopionliikekirjapaino.fi, ctladdr=atossava (500/100), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=221828, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 36812794DCB)
Oct 10 14:53:28 myhostname postfix/smtpd[14749]: disconnect from localhost.localdomain[127.0.0.1]
Oct 10 14:53:28 myhostname postfix/smtp[14759]: 36812794DCB: to=<anne.penttinen at innoctus.fi>, relay=mail.innoctus.com[188.117.45.166]:25, delay=0.2, delays=0.09/0.03/0.04/0.04, dsn=2.0.0, status=sent (250 ok 1318247608 qp 10983 by mail.innoctus.com)
Oct 10 14:53:28 myhostname postfix/smtp[14758]: 36812794DCB: to=<abuse@innoctus.com>, relay=mail.innoctus.com[188.117.45.166]:25, delay=0.22, delays=0.09/0.06/0.03/0.04, dsn=2.0.0, status=sent (250 ok 1318247608 qp 10984 by mail.innoctus.com)
Oct 10 14:53:28 myhostname postfix/smtp[14758]: 36812794DCB: to=<postmaster@innoctus.com>, relay=mail.innoctus.com[188.117.45.166]:25, delay=0.22, delays=0.09/0.06/0.03/0.04, dsn=2.0.0, status=sent (250 ok 1318247608 qp 10984 by mail.innoctus.com)
Oct 10 14:53:28 myhostname postfix/smtp[14761]: 36812794DCB: to=<tietosuoja at om.fi>, relay=mail4.vn.fi[194.136.183.42]:25, delay=0.3, delays=0.09/0.06/0.11/0.04, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7743D26A8017)
Oct 10 14:53:29 myhostname postfix/smtp[14760]: 36812794DCB: to=<abuse@kuopionliikekirjapaino.fi>, relay=mail.cm.sonera.com[193.208.151.61]:25, delay=1.1, delays=0.09/0.04/0.87/0.06, dsn=2.0.0, status=sent (250 ok:  Message 91009728 accepted)
Oct 10 14:53:29 myhostname postfix/smtp[14760]: 36812794DCB: to=<info@kuopionliikekirjapaino.fi>, relay=mail.cm.sonera.com[193.208.151.61]:25, delay=1.1, delays=0.09/0.04/0.87/0.06, dsn=2.0.0, status=sent (250 ok:  Message 91009728 accepted)
Oct 10 14:53:29 myhostname postfix/smtp[14760]: 36812794DCB: to=<postmaster@kuopionliikekirjapaino.fi>, relay=mail.cm.sonera.com[193.208.151.61]:25, delay=1.1, delays=0.09/0.04/0.87/0.06, dsn=2.0.0, status=sent (250 ok:  Message 91009728 accepted)

(Innoctus have been aware of the state of the aforementioned addresses since August 25, 2011, at least, which is when I opted out of the mailing list of another one of their customers.)

No responses to the opt-out message. I of course enabled the address that I hadn’t seen before.

However, on October 19, more UCE (and now it is safe to use the “U” word) was received. I gave the CEO a phone call and forwarded the two new spams as per request. No response yet.

Spam headers:

From info@kuopionliikekirjapaino.fi  Wed Oct 19 14:30:14 2011
Return-Path: <info@kuopionliikekirjapaino.fi>
Received: from cmail5.innoctus.com (cmail5.innoctus.com [188.117.45.173])
by mail.atrotossavainen.fi (Postfix) with ESMTP id 774617CC189
for <UnknownLastWeek@atro.fi>; Wed, 19 Oct 2011 14:30:14 +0300 (EEST)
To: UnknownLastWeek@atro.fi
Subject: =?ISO-8859-1?Q?Uusi_n=E4ps=E4kk=E4_kalenteri_Liikekirjapainosta?=
Mime-Version: 1.0
Reply-To: info@kuopionliikekirjapaino.fi
From: info@kuopionliikekirjapaino.fi
X-Mailer: webEdition CMS
Content-Type: multipart/alternative; boundary=webEdition--f7fffbf7d7fa0a7b1db75decf1f2fc26
Message-Id: <20111019113013.E5F0E18032E@www3.innoctus.com>
Date: Wed, 19 Oct 2011 14:30:13 +0300 (EEST)
Status: RO
Content-Length: 7873
Lines: 110

From info@kuopionliikekirjapaino.fi  Wed Oct 19 14:36:01 2011
Return-Path: <info@kuopionliikekirjapaino.fi>
Received: from cmail1.innoctus.com (cmail1.innoctus.com [188.117.45.169])
by mail.atrotossavainen.fi (Postfix) with ESMTP id 842717CC189
for <AlreadyKnown@atro.fi>; Wed, 19 Oct 2011 14:36:01 +0300 (EEST)
To: AlreadyKnown@atro.fi
Subject: =?ISO-8859-1?Q?Uusi_n=E4ps=E4kk=E4_kalenteri_Liikekirjapainosta?=
Mime-Version: 1.0
Reply-To: info@kuopionliikekirjapaino.fi
From: info@kuopionliikekirjapaino.fi
X-Mailer: webEdition CMS
Content-Type: multipart/alternative; boundary=webEdition--34488368efd5fa7dab0273408e8f7cad
Message-Id: <20111019113601.61A38180357@www3.innoctus.com>
Date: Wed, 19 Oct 2011 14:36:01 +0300 (EEST)
Content-Length: 7873
Lines: 110

One Response to Kuopion Liikekirjapaino: hitting dead addresses, no bounce processing, not respecting opt-out

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go back to top