OT - Hotmail/Outlook.com marking most of our email as Junk

2017-09-18 Thread Sebastian Arcus
This is a bit off topic as it is not directly related to SA, but I'm hoping that with the email and spam expertise on this group, someone might throw in a useful idea - which would be much appreciated. I have this problem on one site where most emails we send to Hotmail/Outlook.com/Live.com em

Re: Legitimate dropbox accounts used for malware

2017-09-18 Thread John Hardin
On Mon, 18 Sep 2017, Alex wrote: Hi, I've whitelisted dropbox so I can use some aggressive rules to block phishing attacks involving dropbox. The problem I'm now having is legitimate dropbox accounts are being used to send malware with links to dropbox accounts to download these malicious files.

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Chris
On Mon, 2017-09-18 at 12:32 -0500, David Jones wrote: > On 09/18/2017 11:52 AM, Chris wrote: > > > > On Mon, 2017-09-18 at 11:40 -0500, David Jones wrote: > > > > > > On 09/18/2017 11:14 AM, Chris wrote: > > > > > > > > > > > > On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: > > > > > > >

Re: Legitimate dropbox accounts used for malware

2017-09-18 Thread David Jones
On 09/18/2017 01:58 PM, Alex wrote: Hi, I've whitelisted dropbox so I can use some aggressive rules to block phishing attacks involving dropbox. The problem I'm now having is legitimate dropbox accounts are being used to send malware with links to dropbox accounts to download these malicious file

Legitimate dropbox accounts used for malware

2017-09-18 Thread Alex
Hi, I've whitelisted dropbox so I can use some aggressive rules to block phishing attacks involving dropbox. The problem I'm now having is legitimate dropbox accounts are being used to send malware with links to dropbox accounts to download these malicious files. https://pastebin.com/raw/PFpJeYDX

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread John Hardin
On Mon, 18 Sep 2017, Bill Cole wrote: On 18 Sep 2017, at 12:14, Chris wrote: [...] On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: Why are you asking 168.150.251.35 to do DNS resolution for you? It is not authoritative for isipp.com, so presumably you have a specific local config causing y

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread David Jones
On 09/18/2017 11:52 AM, Chris wrote: On Mon, 2017-09-18 at 11:40 -0500, David Jones wrote: On 09/18/2017 11:14 AM, Chris wrote: On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: On 18 Sep 2017, at 10:57, Chris wrote: [...] I am receiving many hits on *_IADB_* rules just fine recentl

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Bill Cole
On 18 Sep 2017, at 12:14, Chris wrote: [...] > On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: >> Why are you asking 168.150.251.35 to do DNS resolution for you? It is >> not authoritative for isipp.com, so presumably you have a specific >> local config causing you to use it. It is explicitly r

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Chris
On Mon, 2017-09-18 at 11:40 -0500, David Jones wrote: > On 09/18/2017 11:14 AM, Chris wrote: > > > > On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: > > > > > > On 18 Sep 2017, at 10:57, Chris wrote: > > > > > > [...] > > > > > > > > > > > > > > > > > > > > > > > I am receiving many hits

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread David Jones
On 09/18/2017 11:14 AM, Chris wrote: On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: On 18 Sep 2017, at 10:57, Chris wrote: [...] I am receiving many hits on *_IADB_* rules just fine recently for emails from constantcontact.com and others. I'm receiving rule hits: TOP HAM RULES FIRED

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Chris
On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: > On 18 Sep 2017, at 10:57, Chris wrote: > > [...] > > > > > > > > I am receiving many hits on *_IADB_* rules just fine recently for > > > emails  > > > from constantcontact.com and others. > > I'm receiving rule hits: > > > > TOP HAM RULES FI

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Bill Cole
On 18 Sep 2017, at 10:57, Chris wrote: [...] >> I am receiving many hits on *_IADB_* rules just fine recently for >> emails >> from constantcontact.com and others. > > I'm receiving rule hits: > > TOP HAM RULES FIRED > RANK RULE NAME   COUNT  %OFMAIL %OFSPAM  %OFHAM > 40

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Chris
On Mon, 2017-09-18 at 09:28 -0500, David Jones wrote: > On 09/18/2017 09:12 AM, Kevin A. McGrail wrote: > > > > On 9/16/2017 4:36 PM, Chris wrote: > > > > > > I'm also seeing issues with ISIPP which is in 20_dnsbl_tests.cf. > > > I've > > > attached the message I sent them as well as their reply.

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread David Jones
On 09/18/2017 09:12 AM, Kevin A. McGrail wrote: On 9/16/2017 4:36 PM, Chris wrote: I'm also seeing issues with ISIPP which is in 20_dnsbl_tests.cf. I've attached the message I sent them as well as their reply. Another issue I noticed with ISIPP is Sep 16 12:09:38 localhost named[1284]: host unr

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Kevin A. McGrail
On 9/16/2017 4:36 PM, Chris wrote: I'm also seeing issues with ISIPP which is in 20_dnsbl_tests.cf. I've attached the message I sent them as well as their reply. Another issue I noticed with ISIPP is Sep 16 12:09:38 localhost named[1284]: host unreachable resolving 'ns1.ns.isipp.com/A/IN': 67.22

Re: getting help with SA sysadmin

2017-09-18 Thread David Jones
On 09/15/2017 03:33 PM, Daniel J. Luke wrote: On Sep 15, 2017, at 12:24 PM, David Jones wrote: You kinda have to work backwards through the scripts to find what is generating the scores-set0 file and turning it into 72_scores.cf. I am grep'ing through the work dir on the SA server now but it

Re: getting help with SA sysadmin

2017-09-18 Thread Merijn van den Kroonenberg
> On Sep 15, 2017, at 12:24 PM, David Jones wrote: >> You kinda have to work backwards through the scripts to find what is >> generating the scores-set0 file and turning it into 72_scores.cf. I am >> grep'ing through the work dir on the SA server now but it contains a lot >> of files. I need to

Re: FORGED_YAHOO_RCVD still causing false positives

2017-09-18 Thread Dan Malm
On 09/15/2017 02:26 PM, RW wrote: > On Fri, 15 Sep 2017 11:50:25 +0100 > Sebastian Arcus wrote: > >> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems >> to work by checking the address of the Yahoo smtp server in the >> headers against a predefined list of Yahoo servers in SA,