Found clue for detecting lots of ".us" spam

2017-07-26 Thread Rich Wales
I recently noticed a small detail which has allowed me to detect most of the spam I've been receiving from random addresses ending in ".us". On the one hand, I'd love to share my observation (and my custom rule for detecting it), so others can benefit from my discovery. On the other hand, I'm wor

Re: SA 3.4.1 for Centos 7?

2017-07-26 Thread John Hardin
On Wed, 26 Jul 2017, Dave Jones wrote: On 07/26/2017 12:54 PM, David Jones wrote: On 07/26/2017 11:50 AM, John Hardin wrote: > > Can anyone recommend a 3.4.1 RPM for Centos 7 x86_64, or indicate when > 3.4.1 will be part of the base for Centos 7 / RHEL? Currently it's 3.4.0 > and that ha

Re: SA 3.4.1 for Centos 7?

2017-07-26 Thread Dave Jones
On 07/26/2017 12:54 PM, David Jones wrote: On 07/26/2017 11:50 AM, John Hardin wrote: Can anyone recommend a 3.4.1 RPM for Centos 7 x86_64, or indicate when 3.4.1 will be part of the base for Centos 7 / RHEL? Currently it's 3.4.0 and that has some URI redirector issues. Thx. This worked

Re: SA 3.4.1 for Centos 7?

2017-07-26 Thread David Jones
On 07/26/2017 11:50 AM, John Hardin wrote: Can anyone recommend a 3.4.1 RPM for Centos 7 x86_64, or indicate when 3.4.1 will be part of the base for Centos 7 / RHEL? Currently it's 3.4.0 and that has some URI redirector issues. Thx. This worked for my recent C7 rebuild: rpmbuild --re

Re: Direct download link detection - new variant

2017-07-26 Thread Michael Storz
On 2017-07-26 17:22, Dianne Skoll wrote: On Wed, 26 Jul 2017 17:15:43 +0200 Michael Storz wrote: [...] /boundary="-{4}=_NextPart_000_[0-9A-F]{4}_[0-9A-F]{8}\.[0-9A-F]{8}"/ You may get FPs. See for example https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolut

SA 3.4.1 for Centos 7?

2017-07-26 Thread John Hardin
Can anyone recommend a 3.4.1 RPM for Centos 7 x86_64, or indicate when 3.4.1 will be part of the base for Centos 7 / RHEL? Currently it's 3.4.0 and that has some URI redirector issues. Thx. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALah

Re: Direct download link detection

2017-07-26 Thread Ian Zimmerman
On 2017-07-26 02:48, Rupert Gallagher wrote: > When a mail arrives without mid, either the sender did not use a real > SMTP server or tried to hide it. We have a custom SA rule for it. We > also reject upfront any mid with a syntax error, or whose domain does > not have a rdns (eg. @localhost.loca

Re: Direct download link detection

2017-07-26 Thread Matus UHLAR - fantomas
On 26.07.17 02:48, Rupert Gallagher wrote: +1 to remove that clause from the RFC. I don't see any reason... btw you'd need to change it to MUST NOT for all to stop (which is unlikely to happen). When a mail arrives without mid, either the sender did not use a real SMTP server or tried to hid

Re: Direct download link detection - new variant

2017-07-26 Thread Dianne Skoll
On Wed, 26 Jul 2017 08:28:52 -0700 (PDT) John Hardin wrote: > ...all of which is, sadly, whack-a-mole. However, there are few to no alternatives to whack-a-mole for this spam run. The messages are pretty bland. We've been diligently adding the URLs to our phishing list and we seem to have caug

Re: Direct download link detection - new variant

2017-07-26 Thread John Hardin
On Wed, 26 Jul 2017, Michael Storz wrote: On 2017-07-26 15:08, Dianne Skoll wrote: On Tue, 25 Jul 2017 08:36:22 -0400 Dianne Skoll wrote: > All of the URLs match this pattern: > /\/[A-Z]{4}\d{6}\/$/ We see a new variant with the subject "Your Virgin Media bill is ready" and URLs

Re: Direct download link detection - new variant

2017-07-26 Thread Dianne Skoll
On Wed, 26 Jul 2017 17:15:43 +0200 Michael Storz wrote: [...] > /boundary="-{4}=_NextPart_000_[0-9A-F]{4}_[0-9A-F]{8}\.[0-9A-F]{8}"/ You may get FPs. See for example https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk105578 I am guessi

Re: Direct download link detection - new variant

2017-07-26 Thread Michael Storz
On 2017-07-26 15:08, Dianne Skoll wrote: On Tue, 25 Jul 2017 08:36:22 -0400 Dianne Skoll wrote: All of the URLs match this pattern: /\/[A-Z]{4}\d{6}\/$/ We see a new variant with the subject "Your Virgin Media bill is ready" and URLs that match: uri__RP_D_00108_03 /\/\d{1

Re: Direct download link detection - new variant

2017-07-26 Thread Dianne Skoll
On Tue, 25 Jul 2017 08:36:22 -0400 Dianne Skoll wrote: > All of the URLs match this pattern: > /\/[A-Z]{4}\d{6}\/$/ We see a new variant with the subject "Your Virgin Media bill is ready" and URLs that match: uri__RP_D_00108_03 /\/\d{12}\/[A-Z]{6}\/?$/ Regards, Dianne.