On 2015-09-01 11:34, Alex wrote:
Hi all,
I'm having a problem with "buy my list" spam and hoped someone could
help me with ideas of how to best block them.
Here's an example:
http://pastebin.com/01C1DDmq
Even a few days later, and the sending IP isn't blacklisted anywhere.
I have a couple
Alex wrote:
> Hi all,
>
> I'm having a problem with "buy my list" spam and hoped someone could
> help me with ideas of how to best block them.
>
> Here's an example:
>
> http://pastebin.com/01C1DDmq
>
> Even a few days later, and the sending IP isn't blacklisted anywhere.
> I have a couple of b
On 01.09.2015 at 17:34, Alex wrote:
Hi all,
I'm having a problem with "buy my list" spam and hoped someone could
help me with ideas of how to best block them.
Here's an example:
http://pastebin.com/01C1DDmq
Even a few days later, and the sending IP isn't blacklisted anywhere.
I have a coup
FYI
http://www.crn.com/news/security/300073406/doj-cryptolocker-trojan-is-now-out-of-commission.htm?cid=nl_sec#
On Jul 10, 2014, at 5:17 PM, Joe Acquisto-j4 wrote:
On 7/10/2014 at 3:35 PM, "David F. Skoll" wrote:
>> On Thu, 10 Jul 2014 12:25:50 -0700
>> Ted Mittelstaedt wrote:
>>
>>> Fundamentally I think the problem is with attachments.
>>
>> No, the problem is not with attachments. An attachme
>>> On 7/10/2014 at 3:35 PM, "David F. Skoll" wrote:
> On Thu, 10 Jul 2014 12:25:50 -0700
> Ted Mittelstaedt wrote:
>
>> Fundamentally I think the problem is with attachments.
>
> No, the problem is not with attachments. An attachment actually included
> in an email is no more dangerous than a
On Thu, 10 Jul 2014 12:25:50 -0700
Ted Mittelstaedt wrote:
> Fundamentally I think the problem is with attachments.
No, the problem is not with attachments. An attachment actually included
in an email is no more dangerous than an attachment downloaded via a link.
Email attachments are far too c
On 7/10/2014 12:12 PM, John Hardin wrote:
On Thu, 10 Jul 2014, Ted Mittelstaedt wrote:
On 7/10/2014 8:26 AM, David F. Skoll wrote:
On Wed, 9 Jul 2014 17:44:26 -0700 (PDT)
John Hardin wrote:
> I'm not excusing their approach, but I'm saying there are a lot of
> sources of real-world friction
On Thu, 10 Jul 2014, Ted Mittelstaedt wrote:
On 7/10/2014 8:26 AM, David F. Skoll wrote:
On Wed, 9 Jul 2014 17:44:26 -0700 (PDT)
John Hardin wrote:
> I'm not excusing their approach, but I'm saying there are a lot of
> sources of real-world friction that lead to suboptimal solutions like
On 7/10/14, 1:43 PM, "Ted Mittelstaedt" wrote:
>And when victim of the phish clicks on the SSL link then the browser
>sends out alarm bells that the SSL certificate is compromised and not to
>go there, eh?
If we could rely on users to not click right through that SSL warning, we
would be living
On Thu, 10 Jul 2014 11:43:21 -0700
Ted Mittelstaedt wrote:
> SO I think that using PGP was the right course of action here.
Yes, of course. But they should supply the PGP *software* using a
separate delivery mechanism from the PGP-encrypted *payload*.
Encouraging people to rename and run execut
On 7/10/2014 8:26 AM, David F. Skoll wrote:
On Wed, 9 Jul 2014 17:44:26 -0700 (PDT)
John Hardin wrote:
I'm not excusing their approach, but I'm saying there are a lot of
sources of real-world friction that lead to suboptimal solutions like
this. I expect the desire to avoid requiring install
On Thu, 10 Jul 2014, Ted Mittelstaedt wrote:
Although from the pro-gunners out there now we will hear the "software
doesn't kill people, users kill people" arguments claiming it's not
Symantec's fault
Please do not go there.
--
John Hardin KA7OHZ http://www.impsec.org/~jh
On 7/10/2014 12:31 PM, Ted Mittelstaedt wrote:
You didn't read your own code of ethics.
It states if you have a bias, you disclose it. David HAD a bias in his
original post and DID NOT disclose it. He DID subsequently disclose
that bias AFTER I had called him on it and I commend him for it.
T
You didn't read your own code of ethics.
It states if you have a bias, you disclose it. David HAD a bias in his
original post and DID NOT disclose it. He DID subsequently disclose
that bias AFTER I had called him on it and I commend him for it.
This is the problem with codes of ethics - it's e
On 7/9/2014 5:18 PM, David F. Skoll wrote:
On Wed, 09 Jul 2014 14:44:27 -0700
Ted Mittelstaedt wrote:
David DID NOT say that. He said that "he was shocked to discover"
Why are you assuming he is under NDA or he is an employee of this
company?
Let me clarify the situation:
1) I'm the owne
I believe strongly that ALL IT admins would be well guided by reading
the SAGE ethics guide
http://www.pccc.com/base.cgim?template=sage_code_of_ethics
Can't recommend it highly enough and I think it would guide well in these
gray areas on how to handle things.
I didn't like that a poster wi
On Wed, 9 Jul 2014 17:44:26 -0700 (PDT)
John Hardin wrote:
> I'm not excusing their approach, but I'm saying there are a lot of
> sources of real-world friction that lead to suboptimal solutions like
> this. I expect the desire to avoid requiring installation (and
> maintenance!) of PGP/GPG by th
On 7/8/2014 10:41 PM, David F. Skoll wrote:
On Tue, 08 Jul 2014 21:03:35 -0400
"Kevin A. McGrail" wrote:
So this sounds like you are searching the entire email for this
string which just sounds inefficient especially if they use some big
attachments.
It's not too bad because the regex is simp
On Wed, Jul 9, 2014 at 5:44 PM, Ted Mittelstaedt wrote:
>
>
> On 7/9/2014 11:37 AM, Mauricio Tavares wrote:
>>
>> On Wed, Jul 9, 2014 at 2:23 PM, Ted Mittelstaedt wrote:
>>>
>>>
>>> First of all why do people insist on hiding names of companies that
>>> do stuff like this? It just makes it look
On Wed, 9 Jul 2014, Ted Mittelstaedt wrote:
You are an administrator. YOU ARE PAID BY CLUELESS USERS TO PROTECT
THEM AND THEIR DATA, DAMMIT.
...unless it involves some actual, you know, effort on their part.
And in this instance, Large DP Company *is* doing something proactive to
protec
On Wed, 09 Jul 2014 14:44:27 -0700
Ted Mittelstaedt wrote:
> David DID NOT say that. He said that "he was shocked to discover"
> Why are you assuming he is under NDA or he is an employee of this
> company?
Let me clarify the situation:
1) I'm the owner of Roaring Penguin, so my boss is unlikel
On 7/9/2014 11:37 AM, Mauricio Tavares wrote:
On Wed, Jul 9, 2014 at 2:23 PM, Ted Mittelstaedt wrote:
First of all why do people insist on hiding names of companies that
do stuff like this? It just makes it look like you're manufacturing
an event that doesn't exist, it destroys your credibili
On Wed, Jul 9, 2014 at 2:23 PM, Ted Mittelstaedt wrote:
>
> First of all why do people insist on hiding names of companies that
> do stuff like this? It just makes it look like you're manufacturing
> an event that doesn't exist, it destroys your credibility.
>
You mean besides NDAs and polici
First of all why do people insist on hiding names of companies that
do stuff like this? It just makes it look like you're manufacturing
an event that doesn't exist, it destroys your credibility.
Secondly, if you think that this is an example of "badness" on Windows
security best practices you sim
On Wed, 09 Jul 2014 05:44:34 +0200
Karsten Bräckelmann wrote:
> If you deliberately try to sneak past sensible security measures, you
> should not be surprised to be blocked. The attempt by an honest user
> to disguise any $file (he did it on purpose, so he knows there's
> issues with that) is in
On Tue, 2014-07-08 at 22:41 -0400, David F. Skoll wrote:
> On Tue, 08 Jul 2014 21:03:35 -0400, Kevin A. McGrail wrote:
>
> > So this sounds like you are searching the entire email for this
> > string which just sounds inefficient especially if they use some big
> > attachments.
>
> It's not too b
On Tue, 08 Jul 2014 21:03:35 -0400
"Kevin A. McGrail" wrote:
> So this sounds like you are searching the entire email for this
> string which just sounds inefficient especially if they use some big
> attachments.
It's not too bad because the regex is simple.
> Since I'm guessing you are using M
On 7/7/2014 5:34 PM, David F. Skoll wrote:
Replying to myself...
full MSDOGEXE /\n\nTV[opqr]/
Seems to work. :)
So this sounds like you are searching the entire email for this string
which just sounds inefficient especially if they use some big attachments.
Since I'm guessing you are usin
Replying to myself...
> full MSDOGEXE /\n\nTV[opqr]/
Seems to work. :)
Regards,
David.
On Sun, 28 Jan 2007, Giampaolo Tomassoni wrote:
Yes, they are. But I see often legitimate messages like this. They are
probably used when sending something to somebody while having a voice
conversation with him/her. I did it, too.
Giampaolo,
In which case, nothing is lost if the message doe
From: Rich Shepard [mailto:[EMAIL PROTECTED]
>
> On Sun, 28 Jan 2007, John D. Hardin wrote:
>
> > Please don't ask SA to become an antivirus or attachment file type
> > security policy enforcement tool. There are already very effective tools
> to perform those tasks.
>
>We run only linu
On Sun, 28 Jan 2007, John D. Hardin wrote:
Please don't ask SA to become an antivirus or attachment file type
security policy enforcement tool. There are already very effective tools
to perform those tasks.
We run only linux here, so I ignore Microsoft virii and the like. But,
when I get
On Sun, 28 Jan 2007, Rich Shepard wrote:
>The past couple of days has seen the arrival of a new mutant
> species of spam: the empty message with a Windows .exe attachment
> that is base64 encoded. SpamAssassin is giving them scores of 0.0.
Please don't ask SA to become an antivirus or attachm
From: Rich Shepard [mailto:[EMAIL PROTECTED]
>
>With your help the amount of spam getting past the various
> filters in my
> inbox (and that of my fiancee) has dropped dramatically. I appreciate
> learning from all of you.
>
>The past couple of days has seen the arrival of a new mutant s
to forward specific e-mail addresses
to our techs so that they can test to their own e-mail address by using
aliases in Postfix
Robert
-Original Message-
From: jdow [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 11, 2006 1:14 AM
To: users@spamassassin.apache.org
Subject: Re
I think I see what you're trying to do. You want to set up a server
which you can use to see how spamass processes individual mail
messages. A sort of mirror that you can use to see what your message
looks like after it passes through spamass.
Unfortunately, the only possible use I can think of
From: "Giampaolo Tomassoni" <[EMAIL PROTECTED]>
OMG, listen.
We setup regular mail server for companies (mostly exchange servers). Once
we setup the mail server I want to send an e-mail from that new mail server
to [EMAIL PROTECTED] I want that email run through all the
SpamAssassin tests the
If you do that you will get mugged, I promise. All you have to do is
bounce one to me and I'll crawl through the Ethernet cables, the
fiber optics, and all that crap so I can rip your throat out with
my bare teeth.
I hope that conveys the depths of depravity involved in the setup
you are proposin
Yes, right. But the abuser would simply forward an e-mail with sa scores
to the fake originator of the triggering e-mail. I think that would be mostly
useless to spammers.
Also, if the '[EMAIL PROTECTED]' address is not too widely disclosed, there
shouldn't be chance. Finally, if it becomes to b
y how to do it.
Loren
- Original Message -
From: Robert Swan
To: SpamAssassin Users
Sent: Tuesday, October 10, 2006 1:31 PM
Subject: RE: Ideas
OMG, listen.
We setup regular mail
server for companies (mostly exchange servers). Once we setu
On Oct 10, 2006, at 4:53 PM, Clifton Royston wrote:
On Tue, Oct 10, 2006 at 04:31:54PM -0400, Robert Swan wrote:
OMG, listen.
We setup regular mail server for companies (mostly exchange servers). Once we setup the mail server I want to send an e-mail from that new mail server to [1][EMAIL P
On Tue, Oct 10, 2006 at 04:31:54PM -0400, Robert Swan wrote:
>OMG, listen.
>
>We setup regular mail server for companies (mostly exchange servers).
>Once we setup the mail server I want to send an e-mail from that new
>mail server to [EMAIL PROTECTED] I want that email run
>thr
Giampaolo Tomassoni wrote:
> Yes, right. But the abuser would simply forward an e-mail with sa
> scores to the fake originator of the triggering e-mail. I think that
> would be mostly useless to spammers.
To spammers, probably not. To mailbombers and other ne'er-do-wells,
it's perfect.
> Also, i
Chris
-Original Message-
From: Robert Swan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 4:32 PM
To: SpamAssassin Users
Subject: RE: Ideas
OMG, listen.
We setup regular mail
server for companies (mostly exchange servers). Once we setup the mail server
I want to send
Robert Swan wrote:
> Once we setup the mail server I want to send an e-mail from that
> new mail server to [EMAIL PROTECTED] I want that email
> run through all the SpamAssassin tests then sent back to me with all
> the rules that were triggered etc in the body..
Then mail sent to "[EMAIL PROTECT
So, what is so hard about that? Just setup a
server with SA, then $sa_tag_level_deflt = -100.0;
Then pop out your emails to yourself.
From: Robert Swan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 4:32 PM
To: SpamAssassin Users
Subject: RE: Ideas
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 4:18 PM
To: Robert Swan; SpamAssassin Users
Subject: RE: Ideas
Wait...what?
You want to setup a server that sends spam?
Why not just make an email address, stick
it on the usenet and post to a few sites, have
www.uribl.com
-Original Message-
From: Robert Swan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 10, 2006 3:56 PM
To: SpamAssassin Users
Subject: RE: Ideas
I am trying to setup
a SPAM server to test e-mail servers, whether they are setup correctly or
not..we do mail server setups
I am trying to setup a SPAM server to test
e-mail servers, whether they are setup correctly or not..we do mail server
setups on a pretty large scale and am looking to test the servers once they are
built and installed.
Robert
Peace he would say instead of
goodbye.
Where can I get the SARE rule for this?
-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 26, 2005 12:33 PM
To: users@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?
> Any ideas on why this isn't working? Th
@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?
Johnson, S wrote:
> I have to admit... Some people are actually trying to help me keep bad
> material out of our school district. They are attaching a
> "sexually-explicit: text text text" in the subject line.
> No, it's not... I wonder why this is? I'm on SA 3.0.1 as well.
That rule may not have been in 3.0.1, if I recall correctly. It started as
a SARE rule and moved over at some point. Maybe that was 0.1, maybe 0.2.
Not very long ago though.
Loren
No, it's not... I wonder why this is? I'm on SA 3.0.1 as well.
-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 26, 2005 12:06 PM
Cc: users@spamassassin.apache.org
Subject: Re: ideas on why this rule isn't working?
Johnson, S wrot
> Any ideas on why this isn't working? Thanks!
header ZXS_SEXUALLY_EXPLICIT Subject =~ /\bsexually-explicit/i
describe ZXS_SEXUALLY_EXPLICIT bad...bad...bad...
score ZXS_SEXUALLY_EXPLICIT 10
Looks good to me. Did you remember to restart spamd after you put this in a
rules file somewhere?
Actu
Johnson, S wrote:
> I have to admit… Some people are actually trying to help me keep bad
> material out of our school district. They are attaching a
> “sexually-explicit: text text text” in the subject line. So I thought
> that I’d write a rule to catch that and re-route the mail to the
> blackho
Johnson, S wrote:
I have to admit… Some people are actually trying to help me keep bad
material out of our school district. They are attaching a
“sexually-explicit: text text text” in the subject line. So I thought
that I’d write a rule to catch that and re-route the mail to the
blackhole. An
58 matches