MainSleaze

Some spammers have been abusing the University of Minnesota OIT email servers for months, up to dozens of attempts per day. Abuse@ and postmaster@ were notified with overwhelming evidence months ago but the spam continues to trickle through.

Some (but not all) are being rejected due to existing Spamhaus DBL listings on the SMTP from domain.

Of course the U of MN OIT email servers in net block 134.84.196.192/27 also deliver a lot of legitimate messages so it’s difficult to separate the wheat from the chaff simply by using traditional IP/SMTP DNSbls.

Here are some recent example mail logs. In these cases, the spammer is being blocked with a hard 554 SMTP error code but they keep trying over and over. There are many more duplicate/similar lines.

May 19 X 554 5.7.1 <mta-p17.oit.umn.edu[134.84.196.217]>:X; from=<bounce-X@learnwhat.info>

May 15 X 554 5.7.1 <mta-p12.oit.umn.edu[134.84.196.212]>:X; from=<bounce-X@learnwhat.info>

Apr 17 X 554 5.7.1 <mta-p10.oit.umn.edu[134.84.196.210]>:X; from=<bounce-X@greenglasses.info>

Apr  9 X 554 5.7.1 <mta-p12.oit.umn.edu[134.84.196.212]>:X; from=<msaldivia@panbo.cl>

Mar 30 X 554 5.7.1 <mta-p14.oit.umn.edu[134.84.196.214]>:X; from=<unmorally@xadkq.com>