I just now found a phish in one of my spamtraps, no surprise there.
The surprising thing is that it was sent out via a messagelabs.com
mailserver, complete with headers indicating that it passed their virus
checks.
At my end spamassassin using the ClamAV plugin, armed with the
SaneSecurity sigs det
yeah, RW pretty much hit this one on the head. You're going to need
to exempt it by IP, not by domain name.
On Thu, Nov 5, 2009 at 19:56, RW wrote:
> On Fri, 6 Nov 2009 03:28:40 +
> RW wrote:
>
>
>> The mail.nisdtx.org in the headers is
>> just a helo, so there'
On Fri, 6 Nov 2009 03:28:40 +
RW wrote:
> The mail.nisdtx.org in the headers is
> just a helo, so there's no real evidence for nisdtx.org anywhere in
> the headers. The plugin could do its own A-record lookup on
> mail.nisdtx.org and verify it against the IP addr
On Thu, 5 Nov 2009 19:39:10 -0600
Jonathan Nichols wrote:
> This might be very simple, but Botnet keeps triggering on a local
> school district. I THOUGHT that I added it to the pass_domains list
> correctly.
I'm not 100% sure, but I think the issue is that it hits BOTNET because
mail.nisdtx
This might be very simple, but Botnet keeps triggering on a local
school district. I THOUGHT that I added it to the pass_domains list
correctly.
Help!
Botnet.cf has the following in it:
botnet_pass_domains amazon\.com # they use IP in Hostname;
dorks
botnet_pass_domains
RW wrote:
On Thu, 05 Nov 2009 20:05:25 +0100
Jonas Eckerman wrote:
Marc Perkel wrote:
I don't know if it will be useful but I made a short URL provider
list that is DNS readable.
Thanks. That could be usuable in my URLRedirect plugin. A current
On Fri, Nov 6, 2009 at 00:00, John Hardin wrote:
> On Thu, 5 Nov 2009, Justin Mason wrote:
>
>> I need the "full" mails to do that -- but with the uploaded mail, yes, I
>> should do that! good point.
>
> Glad to help.
>
>> Right now, SOUGHT appears to be broken. I need to get to where the server
On Thu, 5 Nov 2009, Justin Mason wrote:
I need the "full" mails to do that -- but with the uploaded mail, yes, I
should do that! good point.
Glad to help.
Right now, SOUGHT appears to be broken. I need to get to where the
server is currently and fix it -- I don't have remote login to it at
I need the "full" mails to do that -- but with the uploaded mail, yes,
I should do that!
good point.
Right now, SOUGHT appears to be broken. I need to get to where the server is
currently and fix it -- I don't have remote login to it at the mo :(
On Thu, Nov 5, 2009 at 18:02, John Hardin wrote:
On Thu, 05 Nov 2009 20:05:25 +0100
Jonas Eckerman wrote:
> Marc Perkel wrote:
>
> > I don't know if it will be useful but I made a short URL provider
> > list that is DNS readable.
>
> Thanks. That could be usuable in my URLRedirect plugin. A current
> list of URL redirectors is the main thing
John Rudd wrote:
The point is: the URL shortening service isn't the interesting part of
the equation. The expanded URL is.
If the service uses HTTP redirects it can be checked pretty cheep, wich
is what my URLRedirct plugin does. It adds the redirected-to URL to a
messages metadata so that
Marc Perkel wrote:
I don't know if it will be useful but I made a short URL provider list
that is DNS readable.
Thanks. That could be usuable in my URLRedirect plugin. A current list
of URL redirectors is the main thing missing from that plugin.
It would be even better it included info abou
12 matches
Mail list logo
