More than likely individual systems that have had
security problems that have allowed it to become
an open relay/proxy at some point in time. Many
viruses are in circulation that open up http
and socks proxies on random ports that allow for
remote abuse. For example, here is a list of
IP addresses at MSU that have made it into
DSBL for running an open relay/proxy (multihop in
some cases):
35.9.98.20 openrelay.msu.edu
35.9.5.100 Host not found.
35.9.5.26 pilot06.cl.msu.edu
35.9.5.23 pilot03.cl.msu.edu
35.9.5.32 pilot12.cl.msu.edu
35.9.5.24 pilot04.cl.msu.edu
35.9.5.29 pilot09.cl.msu.edu
35.8.163.65 infos.ent.msu.edu
35.9.5.33 pilot13.cl.msu.edu
35.9.5.38 pilot18.cl.msu.edu
35.8.152.77 sol.bch.msu.edu
35.9.5.35 pilot15.cl.msu.edu
35.9.5.21 pilot01.cl.msu.edu
35.9.5.30 pilot10.cl.msu.edu
35.9.5.28 pilot08.cl.msu.edu
35.9.5.27 pilot07.cl.msu.edu
35.9.5.40 pilot20.cl.msu.edu
35.9.6.36 list1.cl.msu.edu
35.8.3.158 barnes.cl.msu.edu
35.9.5.25 pilot05.cl.msu.edu
35.11.14.217 Host not found.
35.8.138.21 bailey.grounds.msu.edu
35.8.74.49 Host not found.
35.11.11.172 drakesa1.user.msu.edu
35.12.228.34 sagitario.egr.msu.edu
35.12.228.22 erl.egr.msu.edu
35.8.4.18 capa1.nscl.msu.edu
35.11.186.169 cholujni.user.msu.edu
35.11.128.248 gastonkr.user.msu.edu
35.11.108.150 Host not found.
35.11.174.67 user-a4c974.user.msu.edu
35.11.243.45 user-c17701.user.msu.edu
35.11.136.221 user-b5d908.user.msu.edu
35.11.186.136 hurleyk2.user.msu.edu
35.11.221.144 user-e117e8.user.msu.edu
35.11.17.82 Host not found.
35.8.73.91 Host not found.
35.11.185.214 growstac.user.msu.edu
35.11.157.137 user-289e7e.user.msu.edu
35.11.188.47 Host not found.
35.11.202.237 user-ae18d6.user.msu.edu
35.11.96.78 Host not found.
35.11.223.124 user-1ef1ad.user.msu.edu
35.11.100.134 Host not found.
35.11.131.75 dudleym7.user.msu.edu
35.11.129.220 user-ff6e44.user.msu.edu
35.11.129.170 user-fb88bf.user.msu.edu
35.11.182.74 user-a48cbb.user.msu.edu
35.11.26.64 Host not found.
35.11.25.200 Host not found.
35.11.189.137 ealytene.user.msu.edu
35.11.15.131 Host not found.
35.11.204.6 lasordac.user.msu.edu
35.11.129.27 user-40142c.user.msu.edu
35.11.22.219 mazoraar.user.msu.edu
35.11.216.44 frazeeni.user.msu.edu
35.11.129.202 user-ce580e.user.msu.edu
35.11.147.34 garciaez-2.user.msu.edu
35.11.186.174 user-7e8ba5.user.msu.edu
35.11.108.153 Host not found.
35.11.134.25 user-3c083c.user.msu.edu
35.11.134.40 user-3cef1c.user.msu.edu
35.11.182.87 user-6cfa87.user.msu.edu
35.11.193.30 soriano1.user.msu.edu
35.11.217.5 user-9e792e.user.msu.edu
35.11.157.133 user-e197eb.user.msu.edu
35.11.157.199 user-d9a330.user.msu.edu
35.11.136.25 user-9b8fe4.user.msu.edu
35.9.136.134 eb3238p01.dhcp.egr.msu.edu
35.11.221.98 user-3a1153.user.msu.edu
35.11.97.215 Host not found.
35.11.243.119 user-3f1f9a.user.msu.edu
35.11.221.51 user-ecc099.user.msu.edu
35.8.140.60 Host not found.
35.11.215.210 Host not found.
35.8.73.54 clear.msu.edu
35.11.17.216 sonjiwon-2.user.msu.edu
35.11.97.17 Host not found.
35.9.86.101 httest.msufgp.msu.edu
35.11.100.246 Host not found.
35.8.27.38 jbpc.cem.msu.edu
35.11.98.41 Host not found.
35.11.98.4 Host not found.
35.10.239.31 fw-136.user.msu.edu
35.9.5.5 idmail.cl.msu.edu
35.9.5.41 pilot21.cl.msu.edu
35.9.5.31 pilot11.cl.msu.edu
35.9.5.39 pilot19.cl.msu.edu
35.9.5.48 pilot28.cl.msu.edu
35.9.5.47 pilot27.cl.msu.edu
35.9.5.44 pilot24.cl.msu.edu
35.8.179.21 beal.cpp.msu.edu
35.8.96.163 Host not found.
35.10.216.132 Host not found.
35.11.98.7 Host not found.
35.8.133.160 olympus.bus.msu.edu
35.8.240.113 ap-12.com.msu.edu
35.8.240.8 www.com.msu.edu
35.11.97.93 Host not found.
35.11.98.25 Host not found.
35.11.182.108 alvare20.user.msu.edu
35.11.136.50 ceokari.user.msu.edu
35.11.184.142 holmesd6.user.msu.edu
35.10.63.135 Host not found.
35.11.200.217 hollada7.user.msu.edu
35.12.26.81 pm854-29.dialip.mich.net
35.11.243.38 user-b58c92.user.msu.edu
35.11.200.191 cheejohn.user.msu.edu
35.11.245.183 user-968ba5.user.msu.edu
Note that almost every single one of these listings
means that the IP has been abusable by third parties for
any number of tasks and probably was abused in order to
make it into the list (and may still be open to abuse.)
Details for each IP can be looked up on:
http://dsbl.org/listing
AOL does its own relay / proxy testing. And uses
its own blacklist to deny mail. You may also want to
make sure that clients aren't trying to send mail with
the outgoing mailserver of openrelay.msu.edu, which is
on almost every single blacklist out there.
Hope this helps.
-Russell
Joseph Deming wrote:
> I have this problem occurring from one of my workstations. It happens
> repeatedly when sending from the same computer. Doug and others have
> verified (by sending test e-mails) that MSU has not been blocked as a
> whole and it seems unlikely that any portion of MSU has been blocked.
> More likely, individual computers have been added to their blocked IP
> list. In our case, it was the one computer on my network that managed
> to get a virus during the recent onslaught. This computer was
> mass-mailing for a few hours one day and likely that was why it was
> blocked.
|