Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > On Tue, 17 May 2005, Dennis Peterson wrote: > >> > We've seen a huge number of increased failed ssh logins, however, I >> can't >> > exactly correlate it with anything specific. They appear to be >> zombies >> > scanning for known default passwords. >> >> The kickoff date

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
Apostolos Papayanakis: >There seems to be >a problem with the initial "From " line in the viral mbox-style mailbox >(removing it hides the virus from clamdscan). I can confirm this. If I remove the "From " line from my sample files, clamscan says they are OK. With the "From " line, they show as

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Dennis Peterson
Odhiambo Washington said: > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20050518 07:39]: wrote: >> >> >> > >Anyone noticing any increase in failed login attempts via ssh? I have >> and >> > >the timing associates well with the recent outbreak. >> >> We've seen a huge number of increased failed ssh log

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Odhiambo Washington
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [20050518 07:39]: wrote: > > > > >Anyone noticing any increase in failed login attempts via ssh? I have and > > >the timing associates well with the recent outbreak. > > We've seen a huge number of increased failed ssh logins, however, I can't > exactly c

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Nigel Horne
On Wednesday 18 May 2005 00:57, Apostolos Papayanakis wrote: > Nigel, > > thanks for your immediate response, clamav and clamav-milter user > support is unprecedented! > > Did the viral mail you sent me as a test > (http://users.auth.gr/~apap/spurious-viral-mbox) pass through your lo

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > > We've seen a huge number of increased failed ssh logins, however, I can't > > exactly correlate it with anything specific. They appear to be zombies > > scanning for known default passwords. > > The kickoff date here was May 4. Nothing in the logs

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > > >> >Anyone noticing any increase in failed login attempts via ssh? I have >> and >> >the timing associates well with the recent outbreak. > > We've seen a huge number of increased failed ssh logins, however, I can't > exactly correlate it with anything specific. They ap

Re: [Clamav-users] Problem in clamav startup on solaris

2005-05-17 Thread Dennis Peterson
Eric J. Wisti said: > > /var/run on Solaris is a virtual file system (similar to default /tmp). It > doesn't stay around after a shutdown/reboot. I have added 'test -d > /var/run/clamd || mkdir /var/run/clamd && chown clamav:clamav > /var/run/clamd' to my startup script. > > How are others with Sol

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread clamav
> >Anyone noticing any increase in failed login attempts via ssh? I have and > >the timing associates well with the recent outbreak. We've seen a huge number of increased failed ssh logins, however, I can't exactly correlate it with anything specific. They appear to be zombies scanning for kn

Re: [Clamav-users] Problem in clamav startup on solaris

2005-05-17 Thread Eric J. Wisti
/var/run on Solaris is a virtual file system (similar to default /tmp). It doesn't stay around after a shutdown/reboot. I have added 'test -d /var/run/clamd || mkdir /var/run/clamd && chown clamav:clamav /var/run/clamd' to my startup script. How are others with Solaris handling the socket? Than

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>It certainly doesn't appear to. I am not sure why, though. Attached is >a diff of the outputs of your run and a run here of clamscan (0.85, >though). Maybe somebody else can spot the problem. > > LibClamAV debug: fileblobDestroy: textpart > LibClamAV debug: cli_mbox returning 0 >+LibClamAV debu

[Clamav-users] Problem in clamav startup on solaris

2005-05-17 Thread Fazal Ahmed Malik
Hi, I have just installed the latest version of clamav on Solaris 8. Everything works fine; I followed the instructions from www.brandonhutchinson.com. When I reboot the system, neither clamd nor clamav-milter starts; besides this, the clamav directory also gets deleted. If I run it as root user it works fine

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Dennis Peterson
Stephen Gran said: > On Tue, May 17, 2005 at 07:45:27PM -0700, Jef Poskanzer said: >> >> Hmm, ScanArchive is not set. It's commented out in both my >> clamd.conf >> >> and in clamd.conf.default. Should I try uncommenting it? >> > >> >Well, there is your problem, presumably. >> >> Good guess, but

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 07:45:27PM -0700, Jef Poskanzer said: > >> Hmm, ScanArchive is not set. It's commented out in both my clamd.conf > >> and in clamd.conf.default. Should I try uncommenting it? > > > >Well, there is your problem, presumably. > > Good guess, but after uncommenting ScanArchiv

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Bart Silverstrim wrote: On May 17, 2005, at 4:03 PM, Bill Taroli wrote: Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as you

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 10:30:13PM -0400, Stephen Gran said: > On Tue, May 17, 2005 at 07:27:39PM -0700, Jef Poskanzer said: > > Hmm, ScanArchive is not set. It's commented out in both my clamd.conf > > and in clamd.conf.default. Should I try uncommenting it? > > Well, there is your problem, pre

[Clamav-users] Nope

2005-05-17 Thread René Berber
Damian Menscher wrote: > I've been getting plenty of those German spams, and they're almost all > coming from prod-infinitum.com.mx. Interestingly, I got one that > spoofed its From: header as [EMAIL PROTECTED] Which indicates that an > active clamav user is infected. You mean a user that has a

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>> Hmm, ScanArchive is not set. It's commented out in both my clamd.conf >> and in clamd.conf.default. Should I try uncommenting it? > >Well, there is your problem, presumably. Good guess, but after uncommenting ScanArchive and restarting everything, I am still getting false positives. I captur

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 07:27:39PM -0700, Jef Poskanzer said: > >Well, the first weird thing I see off the top of my head is that the > >attached zip file never gets scanned. that would be why it's making it > >through the milter, so that part is covered. > > > >Now, of course, the question is why

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>and all the start up options passed to the milter. Oh yeah: /usr/local/sbin/clamav-milter --quiet --external unix:/var/run/filter/clmilter.sock ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>Well, the first weird thing I see off the top of my head is that the >attached zip file never gets scanned. that would be why it's making it >through the milter, so that part is covered. > >Now, of course, the question is why? For that, i'll really need to see >the entire config file and all the

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 07:01:01PM -0700, Jef Poskanzer said: > >OK, let me be completely explicit. You want both > >Debug > >Foreground > >in clamd.conf. Start a single instance of the milter (by hand - no init > >script that may daemonize the milter or otherwise hide output from you) > >on a

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Pete Sherwin S. Villanueva
I've received 50 failed login attempts every day psv - Original Message - From: "Dennis Peterson" <[EMAIL PROTECTED]> To: Sent: Wednesday, May 18, 2005 9:58 AM Subject: [Clamav-users] Sober.P sidebar topic > Anyone noticing any increase in failed login attempts via ssh? I have and >

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 7:06 PM, Damian Menscher wrote: On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: Since you are speaking for all of us what do we think of your 5 line sig? I bet some of us think it sux. As do I. But I think you'll agree it is about as dense as possible given

Re: [Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Jef Poskanzer
>Anyone noticing any increase in failed login attempts via ssh? I have and >the timing associates well with the recent outbreak. Interesting if true. A few months ago the number of ssh attempts had gotten so bad that I closed my port 22 and moved sshd to a new port. It's not particularly secret

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>OK, let me be completely explicit. You want both >Debug >Foreground >in clamd.conf. Start a single instance of the milter (by hand - no init >script that may daemonize the milter or otherwise hide output from you) >on an otherwise quiescent machine. Send an email with the false negative. Ok

[Clamav-users] Sober.P sidebar topic

2005-05-17 Thread Dennis Peterson
Anyone noticing any increase in failed login attempts via ssh? I have and the timing associates well with the recent outbreak. dp ... "We're all in this together" - Red Green

Re: [Clamav-users] sober.p, spf, dns, nazis, fruit-of-the-loom, lucky charms

2005-05-17 Thread Rick Macdougall
Top Post? /I keed. I hate this thread myself but I couldn't resist. //ahh more noise ratio. Bart Silverstrim wrote: On May 17, 2005, at 5:35 PM, [EMAIL PROTECTED] wrote: perhaps it's time clamav-users be split into clamav-help and clamav-discussion. something like that maybe. but the list is sag

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 4:03 PM, Bill Taroli wrote: Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as you'd find in the Amavisd l

Re: [Clamav-users] sober.p, spf, dns, nazis, fruit-of-the-loom, lucky charms

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 5:35 PM, [EMAIL PROTECTED] wrote: perhaps it's time clamav-users be split into clamav-help and clamav-discussion. something like that maybe. but the list is sagging under the weight of all this metadiscussion. am i the only one growing weary of not just meta-discussion, but

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 06:12:31PM -0700, Jef Poskanzer said: > >Also, Debug in the conf file helps quite a bit, and was actually what I > >was referring to. > > Ok, I uncommented that option and stopped/started clamav-milter. > I don't see any new syslog messages, or anything on stdout. Where >

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Matt Fretwell
Jef Poskanzer wrote: > >Also, Debug in the conf file helps quite a bit, and was actually what I > >was referring to. > > Ok, I uncommented that option and stopped/started clamav-milter. > I don't see any new syslog messages, or anything on stdout. Where > should I be looking? Do I also have to

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>Also, Debug in the conf file helps quite a bit, and was actually what I >was referring to. Ok, I uncommented that option and stopped/started clamav-milter. I don't see any new syslog messages, or anything on stdout. Where should I be looking? Do I also have to re-enable the regular logfile, in

Re: [Clamav-users] clamav-milter logging

2005-05-17 Thread Doug Hardie
On May 17, 2005, at 17:24, Doug Hardie wrote: I have been running clamav 0.82.1 for some time without any known problems. However, I finally have the time to upgrade and brought down the FreeBSD port for 0.85.1 and installed it. Everything seems to work properly except for clamav-milter log

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Stephen Gran
On Tue, May 17, 2005 at 05:13:32PM -0700, Jef Poskanzer said: > >Run with debugging on, send the problem emails through again, and see > >if something shows up. > > Ok, this is a good suggestion. [ ... ] What I was hoping for would be a single run of the email through the milter, and also debu

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
I should add that my /etc/syslog.conf says 'mail.* /var/log/maillog', and /usr/local/etc/clamd.conf says 'LogFacility LOG_MAIL' --- Jef Jef Poskanzer [EMAIL PROTECTED] http://www.acme.com/jef/

[Clamav-users] clamav-milter logging

2005-05-17 Thread Doug Hardie
I have been running clamav 0.82.1 for some time without any known problems. However, I finally have the time to upgrade and brought down the FreeBSD port for 0.85.1 and installed it. Everything seems to work properly except for clamav-milter logging. I had been running clamav-milter conn

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Jef Poskanzer
>Run with debugging on, send the problem emails through again, and see if >something shows up. Ok, this is a good suggestion. Looking at the clamav-milter man page I see two different debug flags, --debug and --debug-level. I randomly picked the latter, and tried running with --debug-level=9. Th

Re: [Clamav-users] Re: virus passing through clamav-milter, but not through clamdscan!

2005-05-17 Thread Apostolos Papayanakis
Nigel, thanks for your immediate response, clamav and clamav-milter user support is unprecedented! Did the viral mail you sent me as a test (http://users.auth.gr/~apap/spurious-viral-mbox) pass through your local clamav-milter before reaching my clamav-milter that finally rejec

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Damian Menscher said: > On Tue, 17 May 2005, Dennis Peterson wrote: >> Damian Menscher said: >> >>> I found Stephen Gran's comment interesting, in that he beat me to >>> finding the bug (I'd wasted time looking in clamav-milter.c first). >>> The rest of the posts, including your arrogant ramblings,

Re: [Clamav-users] Submitting a sample..

2005-05-17 Thread Tomasz Kojm
On Wed, 18 May 2005 01:20:48 +0200 Hermann Schaefer <[EMAIL PROTECTED]> wrote: > > Am 18.05.2005 um 01:16 schrieb Tomasz Kojm: > > > All samples should be submitted in their original forms. In this > > case submit the zip file and if you have the password provide it in > > the comment ("What doe

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Damian Menscher wrote: > > And did you not find the clamd log permissions debugging segment in > > another thread educational? I did. > > I found Stephen Gran's comment interesting, in that he beat me to > finding the bug (I'd wasted time looking in clamav-milter.c first). > The rest of the pos

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: I found Stephen Gran's comment interesting, in that he beat me to finding the bug (I'd wasted time looking in clamav-milter.c first). The rest of the posts, including your arrogant ramblings, were worthless. I'll be damned. And here

Re: [Clamav-users] Submitting a sample..

2005-05-17 Thread Hermann Schaefer
Am 18.05.2005 um 01:16 schrieb Tomasz Kojm: All samples should be submitted in their original forms. In this case submit the zip file and if you have the password provide it in the comment ("What does the virus do?") field. Doesn't work - see first post.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Kelson
Matt Fretwell wrote: SAV probes are little less than content free spam. I have firewall rules for offenders who don't cache their SAV results for a reasonable amount of time. We get hammered by these non-stop. We don't have rules targeting them specifically, but the badly-behaved ones dig their

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Damian Menscher said: > On Tue, 17 May 2005, Dennis Peterson wrote: > I found Stephen Gran's comment interesting, in that he beat me to > finding the bug (I'd wasted time looking in clamav-milter.c first). > The rest of the posts, including your arrogant ramblings, were > worthless. I'll be damne

Re: [Clamav-users] Submitting a sample..

2005-05-17 Thread Tomasz Kojm
On Wed, 18 May 2005 01:11:31 +0200 Hermann Schaefer <[EMAIL PROTECTED]> wrote: > > Am 18.05.2005 um 00:40 schrieb Tomasz Kojm: > > > Do not encrypt any samples to be submitted on our page. > > the virus/trojan comes already encrypted with the password in the > email All samples should be submi

Re: [Clamav-users] Submitting a sample..

2005-05-17 Thread Hermann Schaefer
Am 18.05.2005 um 00:40 schrieb Tomasz Kojm: Do not encrypt any samples to be submitted on our page. the virus/trojan comes already encrypted with the password in the email

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: Since you are speaking for all of us what do we think of your 5 line sig? I bet some of us think it sux. As do I. But I think you'll agree it is about as dense as possible given the amount of information (I work two jobs, and my em

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Damian Menscher said: > On Tue, 17 May 2005, Matt Fretwell wrote: > >> Big :) > > The 100+ subscribers of this mailing list would prefer not to receive > your meaningless one-word responses to every post. Since you are speaking for all of us what do we think of your 5 line sig? I bet some of us th

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bill Taroli wrote: > >>>If I have a server with 500 virt hosts you could get a helo from any one > >>>of them. If you telnet back to it on port 25 what do you think you might > >>>see? One of about 499 "liars", maybe? > >>> > >>> > >>Well I am assuming that you would be

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > > What I am saying is that if you can't do some type of verification, > > whether it is connect-back (remember the old dialup > > callback-verification-system?) to the sending server or SPF or some other > > type of authentication mechanism, then you c

Re: [Clamav-users] Submitting a sample..

2005-05-17 Thread Tomasz Kojm
On Wed, 18 May 2005 00:22:05 +0200 Hermann Schaefer <[EMAIL PROTECTED]> wrote: > .. how, if the sample is already a password-protected zip-file? > > Result: > Please encrypt your ZIP files with password virus Do not encrypt any samples to be submitted on our page. > If I unpack the archive, the

RE: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matthew.van.Eerde
John Jolet wrote: >> On Tue, 17 May 2005, Matt Fretwell wrote: >>> [EMAIL PROTECTED] wrote: If they do have a rouge spammer on their network, they might wish to know about it anyway. >>> >>> I assume that should have been rogue. ( Unless spammers have a >>> predilection for make up :) >

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread John Jolet
It IS a word...just not the one you wanted. swine spellchekers On Tuesday 17 May 2005 05:12 pm, [EMAIL PROTECTED] wrote: > On Tue, 17 May 2005, Matt Fretwell wrote: > > [EMAIL PROTECTED] wrote: > > > If they do have a rouge spammer on their network, they might wish to > > > know about it anyw

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Jef Poskanzer wrote: > I really miss the days of destructive viruses. We just don't > >really see 'em like we used to. Remember Michaelangelo? What was his > >birthday again? > > Actually, I think a little stealth would be better. Something like > silently intercepting and dropping any attemp

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Matt Fretwell wrote: Big :) The 100+ subscribers of this mailing list would prefer not to receive your meaningless one-word responses to every post. Not even if you're correcting someone else's typo (rouge->rogue). I don't want to single you out, though. Others have been

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: > [EMAIL PROTECTED] wrote: > > > If they do have a rouge spammer on their network, they might wish to > > know about it anyway. > > I assume that should have been rogue. ( Unless spammers have a > predilection for make up :) Hmm. I guess aspell thinks

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: > When our MTA's are rebuilt for the new network some of the strategies > discussed in this thread will be implemented. Others will be > implemented in a test-and-alert-me-only setup to see how effective it > is. If it breaks only <1% of the mta's out there then that is

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Dennis Peterson wrote: [EMAIL PROTECTED] said: On Tue, 17 May 2005, Dennis Peterson wrote: I guess I'm saying that if I telnet to fw.domain.name on 25, I should see something like 220 fw.domain.name ESMTP mail relay. If it doesn't say that, then it is lying to anyone who c

[Clamav-users] Submitting a sample..

2005-05-17 Thread Hermann Schaefer
.. how, if the sample is already a password-protected zip-file? Result: Please encrypt your ZIP files with password virus If I unpack the archive, the signature is lost and the virus will not be detected, right? It's a variant of Trojan.Small-77-1 called Rechnung.zip, the password comes with t

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Julian Mehnle wrote: Bill Taroli wrote: Eric Wheeler wrote: [...] For email transfer and MTA's alike, putting SPF in DNS to help "authenticate" the source is a step in the right direction. If SPF is a good idea, and it is dns based, then so should forward-and-back lookups. I totally

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > On Tue, 17 May 2005, Matt Fretwell wrote: >> > True, but it could helo with its hostname and then it would match >> > connecting back to check its 220 string. Even if it's a sending >> server, >> > it should listen on 25 to verify that it is a mail server, even if it >> >

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: > If they do have a rouge spammer on their network, they might wish to > know about it anyway. I assume that should have been rogue. ( Unless spammers have a predilection for make up :) Matt

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Jef Poskanzer wrote: > Actually, I think a little stealth would be better. Something like > silently intercepting and dropping any attempts at opening an outbound > email connection. Ohh, you mean the New.net plugin? -- Eric Wheeler Vice President National Security Concep

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: > What I am saying is that if you can't do some type of verification, > whether it is connect-back (remember the old dialup > callback-verification-system?) to the sending server or SPF or some > other type of authentication mechanism, then you can't trust the sender. > R

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > Christopher X. Candreva said: > > On Tue, 17 May 2005, Dennis Peterson wrote: > >> What do you think the PTR for a host with 500 virtual domains might look > >> like? > > > > It doesn't matter -- as long as it points to some name that points back to

Re: [Clamav-users] (no subject)

2005-05-17 Thread Dennis Peterson
Dwayne Hottinger said: > So sorry, > Viruses are being detected. clamd is running. The mails are being > processed > correctly through procmail. It's just this particular virus that isn't > getting > detected (Trojan.Ascetic.C). Sorry to be so vague. It's my first post to > the > list. If any mo

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: > > True, but it could helo with its hostname and then it would match > > connecting back to check its 220 string. Even if it's a sending server, > > it should listen on 25 to verify that it is a mail server, even if it > > doesn't accept mail. If it doesn

Re: [Clamav-users] (no subject)

2005-05-17 Thread Matt Fretwell
Dwayne Hottinger wrote: > Viruses are being detected. clamd is running. The mails are being > processed correctly through procmail. It's just this particular virus > that isn't getting detected (Trojan.Ascetic.C). Sorry to be so vague. > It's my first post to the list. If any more info is neede

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Julian Mehnle
Bill Taroli wrote: > Eric Wheeler wrote: > > [...] For email transfer and MTA's alike, putting SPF in DNS to help > > "authenticate" the source is a step in the right direction. If SPF is > > a good idea, and it is dns based, then so should forward-and-back > > lookups. > > I totally agree that so

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > On Tue, 17 May 2005, Dennis Peterson wrote: >> > I guess I'm saying that if I telnet to fw.domain.name on 25, I should >> see >> > something like >> > >> > 220 fw.domain.name ESMTP mail relay. >> > >> > If it doesn't say that, then it is lying to anyone who connects to i

[Clamav-users] (no subject)

2005-05-17 Thread Dwayne Hottinger
So sorry, Viruses are being detected. clamd is running. The mails are being processed correctly through procmail. It's just this particular virus that isn't getting detected (Trojan.Ascetic.C). Sorry to be so vague. It's my first post to the list. If any more info is needed just let me know. Im

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Julian Mehnle
Bill Taroli wrote: > Steffen Winther Soerensen wrote: > > This seems more like a discussion for another mailing list or a Usenet > > group on MTAs/SMTP IMHO > > I don't disagree... are there any good ones for SPF or similar debates? You're welcome to discuss things related to SPF on spf-discuss:

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Jef Poskanzer
>Nice. That couldn't be cleaner. There are plenty of ways of >harmlessly disabling a system (no lost data, just no boot) and that >would certainly be an awakening call for everyone across the board. >People would get to reinstall their os and lose at least 2hrs of >time. I really miss the days

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > > I guess I'm saying that if I telnet to fw.domain.name on 25, I should see > > something like > > > > 220 fw.domain.name ESMTP mail relay. > > > > If it doesn't say that, then it is lying to anyone who connects to it. > > Forward and back dns should

[Clamav-users] sober.p, spf, dns, nazis, fruit-of-the-loom, lucky charms

2005-05-17 Thread clamav
perhaps it's time clamav-users be split into clamav-help and clamav-discussion. something like that maybe. but the list is sagging under the weight of all this metadiscussion. am i the only one growing weary of not just meta-discussion, but meta-meta-discussion? Paul Theodoropoulos http://www.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Christopher X. Candreva said: > On Tue, 17 May 2005, Dennis Peterson wrote: > >> What do you think the PTR for a host with 500 virtual domains might look >> like? > > It doesn't matter -- as long as it points to some name that points back to > the same IP. mail723.theprovidersdomain.com would wor

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: > > Once again, a sending server does not have to be a MX. Something > > within that domain should be listening on port 25, but not always the > > machine which is connecting to yours. Look at the hostname of my > > machine in the headers. You will see it has rDNS and

Re: [Clamav-users] Re: clamav-users Digest, Vol 8, Issue 75

2005-05-17 Thread Matt Fretwell
Dwayne Hottinger wrote: > I'm having a problem with this new virus Trojan.Ascetic.C. I have clamav > scanning mail through clamassassin (procmail). It isn't catching any of > them. I have upgraded to the latest version of clamav and am using > clamassassin 1.2.2. Any ideas how I can get it to

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > > > > On Tue, 17 May 2005, Eric J. Wisti wrote: > >> >> What about the users (like me) that have one ip address to play with? Do >> I >> use the ONE ptr record for mail, web, dns, ftp or whatever else I choose >> to make available to the world. Generally, only mail has a l

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Dennis Peterson wrote: > What do you think the PTR for a host with 500 virtual domains might look > like? Big :) Matt

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > What do you think the PTR for a host with 500 virtual domains might look > like? > > dp If the hosting company is some-hoster.com then (adjusting file pathing appropriately) it might look like so: Forward: (/var/named/some-hoster.com) mail.some-

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Eric J. Wisti wrote: > > What about the users (like me) that have one ip address to play with? Do I > use the ONE ptr record for mail, web, dns, ftp or whatever else I choose > to make available to the world. Generally, only mail has a loose > 'requirement' for front to

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bill Taroli wrote: > Matt Fretwell wrote: > >>IMO, a sending MTA should never have its smtp port closed unless > >>it is an end-user. > >> > >> > > > > Once again, a sending server does not have to be a MX. Something within > >that domain should be listening on port 25, b

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: > [EMAIL PROTECTED] wrote: > > > IMO, a sending MTA should never have its smtp port closed unless > > it is an end-user. > > Once again, a sending server does not have to be a MX. Something within > that domain should be listening on port 25, but not

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Christopher X. Candreva
On Tue, 17 May 2005, Dennis Peterson wrote: > What do you think the PTR for a host with 500 virtual domains might look > like? It doesn't matter -- as long as it points to some name that points back to the same IP. mail723.theprovidersdomain.com would work.

[Clamav-users] Re: clamav-users Digest, Vol 8, Issue 75

2005-05-17 Thread Dwayne Hottinger
[EMAIL PROTECTED] wrote: Send clamav-users mailing list submissions to clamav-users@lists.clamav.net To subscribe or unsubscribe via the World Wide Web, visit http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users or, via email, send a message with subject or body 'help' to

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: > On Tue, 17 May 2005, Bart Silverstrim wrote: > >> >> If we can standardize the set of rules and protocols required for an >> >> MTA to accept an email, then spam will reduce. Either that or we >> >> need to build a better mousetrap. This is just my $0.02. >> > >> > How wou

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Eric J. Wisti
What about the users (like me) that have one ip address to play with? Do I use the ONE ptr record for mail, web, dns, ftp or whatever else I choose to make available to the world. Generally, only mail has a loose 'requirement' for front to back dns a/ptr records, but back in the day, so did ftp

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Matt Fretwell wrote: [EMAIL PROTECTED] wrote: IMO, a sending MTA should never have its smtp port closed unless it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the machine which is connecti

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: > IMO, a sending MTA should never have its smtp port closed unless > it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the machine which is connecting to yours. Look at t

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Bart Silverstrim wrote: On May 17, 2005, at 3:21 PM, [EMAIL PROTECTED] wrote: On Tue, 17 May 2005, Damian Menscher wrote: Would the person who implements this do me a favor and make the virus pretend to be a viagra spam? If we format the hard drives of people that buy from spammers, and the media

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Bill Taroli wrote: > > This seems more like a discussion for another mailing list or a Usenet > > group on MTAs/SMTP IMHO > I don't disagree... are there any good ones for SPF or similar debates? Postfix list: SPF practically banned except for implementation questions. Exim list: Will probab

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bart Silverstrim wrote: > >> If we can standardize the set of rules and protocols required for an > >> MTA to accept an email, then spam will reduce. Either that or we > >> need to build a better mousetrap. This is just my $0.02. > > > > How would you handle the PTR record for

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bart Silverstrim wrote: > >> Kill two birds with one stone... I like it. > > > > Nice. That couldn't be cleaner. There are plenty of ways of > > harmlessly disabling a system (no lost data, just no boot) and that > > would certainly be an awakening call for everyone across t

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: > > How would you handle the PTR record for an SMTP server that hosts 500 > virtual domains? > Yes, I realize that getting everyone to change would be a pain in the butt and if we can do the following it would certainly reduce spam. We host many doma

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as you'd find in the Amavisd list -- that these issues do tend to intersect a

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Matt Fretwell wrote: [EMAIL PROTECTED] wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. What time is the next rocketship to this planet you ha

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
[EMAIL PROTECTED] wrote: On Mon, 16 May 2005, Bill Taroli wrote: Matt Fretwell wrote: plenty of legitimate MTA setups running on dynamic IP's. [...] What really does amaze me though, is that these are generally the admins who will turn around and say, 'Don't block (variable), you will lose
