I'm attaching the original spam message as is (in Outlook .msg format).
You'll be able to see my SA full report in the headers.
I don't think it would matter much because in my posting here I put
the original HTML HREF tag that includes the URI that should be
caught.
On 8/29/05, Craig McLean <[EMA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daryl C. W. O'Shea wrote:
| Craig McLean wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> 3.1.0-rc1 nailed it to the wall.
|>
|> Craig.
| <...>
|> domain
|> | 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL
|> bloc
Craig McLean wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
3.1.0-rc1 nailed it to the wall.
Craig.
<...>
domain
| 4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
| [URIs: moonboard.info]
Did you detect that with a redirector
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
3.1.0-rc1 nailed it to the wall.
Craig.
Ilan Aisic wrote:
|
|  pts rule name              description
| ---- ---------------------- --------------------------------------------------
|  0.9 RCVD_BY_IP             Received by mail server with no na
Perhaps changing the uri check would be a short-term fix. There is a
redirector pattern detector in SA which would be the right thing to fix.
Loren
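An added example, not part of any post in this thread and not SpamAssassin's own code: one way to handle the redirector case discussed here, by pulling hostnames out of query-parameter values so the embedded domain can be checked against a URI blocklist. The function names, the two-label domain reduction and the one-entry blocklist are assumptions made for the illustration; the sample URL is the one quoted in the thread.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
# A parameter value that begins like a URL target: optional scheme, then a
# dotted hostname ending in an alphabetic TLD (so "url" or "1.5" never match).
TARGET_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?=[/:?#]|$)", re.I)

# URL from the spam quoted in the thread (trailing HTML residue dropped).
SAMPLE = ("http://chietaphi.com/catalog/redirect.php?action=url"
          "&goto=www.vxneev.moonboard.info/?100aa983aGd9080f4c0bfF3c1362f8e1")
# Constructed stand-in for a URI blocklist; real lookups are DNS queries.
BLOCKLIST = {"moonboard.info"}


def embedded_hosts(url, depth=3):
    """Return the URL's own host followed by hosts found in its parameters."""
    if not SCHEME_RE.match(url):
        url = "//" + url              # scheme-less target such as "www.x.info/..."
    try:
        parts = urlsplit(url)
    except ValueError:                # malformed netloc such as an unclosed "["
        return []
    hosts = [parts.hostname.lower()] if parts.hostname else []
    if depth > 0:                     # bound recursion on nested redirectors
        for _, value in parse_qsl(parts.query, keep_blank_values=True):
            value = unquote(value).strip()   # second decode: double-encoded targets
            if TARGET_RE.match(value):
                hosts += embedded_hosts(value, depth - 1)
    return hosts


def lookup_domain(host):
    """Assumption: naive last-two-labels reduction (wrong for e.g. co.uk)."""
    return ".".join(host.split(".")[-2:])


def listed_domains(url, blocklist=BLOCKLIST):
    """Domains from any nesting level of the URL that appear in the blocklist."""
    return sorted({lookup_domain(h) for h in embedded_hosts(url)} & set(blocklist))


if __name__ == "__main__":
    print(embedded_hosts(SAMPLE))
    print(listed_domains(SAMPLE))
```

A value such as `file.php` also passes the hostname pattern; for blocklist lookups that only costs an extra query that returns no listing.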
This is a snippet from spam content I got:
http://chietaphi.com/catalog/redirect.php?action=url&goto=www.vxneev.moonboard.info/?100aa983aGd9080f4c0bfF3c1362f8e1";>Just
VISlT EPharmaccy-By
It did not trigger any of the URI rules even though moonboard.info is
listed in all the places.
They have exp