I'm guessing they're sending this garbage to everybody who posts.

----- Forwarded message from "MDaemon at leigh.ssllock.com" <mdae...@leigh.ssllock.com> -----

Date: Tue, 04 Dec 2012 17:19:58 -0600
From: "MDaemon at leigh.ssllock.com" <mdae...@leigh.ssllock.com>
Reply-To: nore...@leigh.ssllock.com
To: dar...@chaosreigns.com
Subject: Transient Delivery Failure
X-DNSWL: No

--------------------------------------------------------------------------
MDaemon Delivery Status Notification - http://www.altn.com/dsn
--------------------------------------------------------------------------

The attached message had TEMPORARY non-fatal delivery errors.

--------------------------------------------------------------------------
THIS IS A WARNING MESSAGE ONLY - YOU DO NOT NEED TO RESEND YOUR MESSAGE
--------------------------------------------------------------------------

MDaemon is configured to automatically retry delivery at configured
intervals.  Subsequent attempts to deliver this message are pending.

Failed address: ol2...@company.mail

--- Session Transcript ---
 Tue 2012-12-04 17:19:33: [54:1] Session 54; child 1
 Tue 2012-12-04 17:19:33: [54:1] Parsing message <xxxxxxxxxxxxxxxxxxxxxxxx\pd50000003000.msg>
 Tue 2012-12-04 17:19:33: [54:1] *  From: dar...@chaosreigns.com
 Tue 2012-12-04 17:19:33: [54:1] *  To: ol2...@company.mail
 Tue 2012-12-04 17:19:33: [54:1] *  Subject: Re: Report your webmail usage
 Tue 2012-12-04 17:19:33: [54:1] *  Size (bytes): 6325
 Tue 2012-12-04 17:19:33: [54:1] *  Message-ID: <20121204224257.gj12...@chaosreigns.com>
 Tue 2012-12-04 17:19:33: [54:1] Attempting SMTP connection to [company.mail]
 Tue 2012-12-04 17:19:33: [54:1] Resolving MX records for [company.mail] (DNS Server: 10.20.20.105)...
 Tue 2012-12-04 17:19:33: [54:1] Match to MXCACHE.DAT file:
 Tue 2012-12-04 17:19:33: [54:1] *  P=010 D=company.mail TTL=(0) MX=[company.mail] {10.10.42.34}
 Tue 2012-12-04 17:19:33: [54:1] Attempting SMTP connection to [10.10.42.34:25]
 Tue 2012-12-04 17:19:33: [54:1] Waiting for socket connection...
 Tue 2012-12-04 17:19:54: [54:1] *  Winsock Error 10060
 Tue 2012-12-04 17:19:54: [54:1] *  10.10.42.34 added to connection failure cache for 5 minutes
 Tue 2012-12-04 17:19:54: [54:1] This message is 36 minutes old; it has 0 minutes left in this queue
 Tue 2012-12-04 17:19:54: [54:1] Remote queue lifetime exceeded; message placed in retry queue
--- End Transcript ---


--
This is a test server. Please do not submit support requests via this channel.

X-MDAV-Result: clean
X-MDAV-Processed: leigh.ssllock.com, Tue, 04 Dec 2012 16:43:26 -0600
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
        by leigh.ssllock.com (leigh.ssllock.com)
        (MDaemon PRO v13.0.3)
        with ESMTP id md50000008389.msg
        for <me...@leigh.ssllock.com>; Tue, 04 Dec 2012 16:43:26 -0600
Authentication-Results: leigh.ssllock.com
        spf=pass smtp.mail=users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org;
        x-ip-ptr=pass dns.ptr=hermes.apache.org (ip=140.211.11.3);
        x-ip-helo=pass smtp.helo=mail.apache.org (ip=140.211.11.3);
        x-ip-mail=hardfail smtp.mail=users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org (does not match 140.211.11.3);
        dkim=pass header.d=chaosreigns.com (b=X4pc00xgJL; 1:0:good);
Received-SPF: pass (leigh.ssllock.com: domain of users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org
        designates 140.211.11.3 as permitted sender)
        x-spf-client=MDaemon.PRO.v13.0.3
        receiver=leigh.ssllock.com
        client-ip=140.211.11.3
        envelope-from=<users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org>
        helo=mail.apache.org
X-Spam-Processed: leigh.ssllock.com, Tue, 04 Dec 2012 16:43:26 -0600
        (not processed: message spf and/or cryptographically verified and approved)
X-MDPtrLookup-Result: pass dns.ptr=hermes.apache.org (ip=140.211.11.3) (leigh.ssllock.com)
X-MDHeloLookup-Result: pass smtp.helo=mail.apache.org (ip=140.211.11.3) (leigh.ssllock.com)
X-MDMailLookup-Result: hardfail smtp.mail=users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org (does not match 140.211.11.3) (leigh.ssllock.com)
X-MDDKIM-Result: unapproved (leigh.ssllock.com)
X-MDSPF-Result: pass (leigh.ssllock.com)
X-Rcpt-To: me...@leigh.ssllock.com
X-MDRcpt-To: me...@leigh.ssllock.com
X-MDRemoteIP: 140.211.11.3
X-Envelope-From: users-return-99057-Meche=leigh.ssllock....@spamassassin.apache.org
X-CAV-Result: clean
Received: (qmail 24505 invoked by uid 500); 4 Dec 2012 22:43:22 -0000
Mailing-List: contact users-h...@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:users-h...@spamassassin.apache.org>
list-unsubscribe: <mailto:users-unsubscr...@spamassassin.apache.org>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id: <users.spamassassin.apache.org>
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 24496 invoked by uid 99); 4 Dec 2012 22:43:22 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Dec 2012 22:43:22 +0000
X-ASF-Spam-Status: No, hits=-5.0 required=10.0
        tests=RCVD_IN_DNSWL_HI,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of dar...@chaosreigns.com designates 64.71.152.40 as permitted sender)
Received: from [64.71.152.40] (HELO panic.chaosreigns.com) (64.71.152.40)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Dec 2012 22:43:18 +0000
Received: by panic.chaosreigns.com (Postfix, from userid 1000)
        id 9FBB3B2C1D; Tue,  4 Dec 2012 17:42:57 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=chaosreigns.com;
        s=mail; t=1354660977;
        bh=uPXsDoUvS0uslNK34EsiRf7nXDvcM42iZUy9hu4itas=;
        h=Date:From:To:Subject:References:In-Reply-To;
        b=X4pc00xgJLvLDVZDeflZgrg0p7qRQg5jFoWOHgmNaW5K9sKsggNPode0Aa19iLItn
         FMvbykC+cGFmwZYAA9x2CsNLzFc0hyoAn+P1wsmM7btOPU4WqFayvV1hvNniJsLBs+
         w1t86JFNaQhQ0YDMKsovbrB02E6JTsFjNXhI9KV8=
Date: Tue, 4 Dec 2012 17:42:57 -0500
From: dar...@chaosreigns.com
To: users@spamassassin.apache.org
Subject: Re: Report your webmail usage
Message-ID: <20121204224257.gj12...@chaosreigns.com>
References: <50be6d28.4050...@itomat.se>
 <20121204165622.355ed...@hydrogen.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20121204165622.355ed...@hydrogen.roaringpenguin.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
X-Virus-Checked: Checked by ClamAV on apache.org
Reply-To: dar...@chaosreigns.com
X-MDRedirect: 1
X-MDRedirect_From: me...@leigh.ssllock.com
X-Return-Path: <dar...@chaosreigns.com>
X-MDaemon-Deliver-To: <ol2...@company.mail>

On 12/04, David F. Skoll wrote:
> http://sourceforge.net/projects/aper/
> 
> Their phishing_links file did have the URL you reported in it:

But did it contain that url at the time he received the email?  That seems
to be a very important question with these things.

> So all some kind soul needs to do is write a SpamAssassin plugin that
> gets the link list from the project and looks for URLs in message bodies
> (or even just the Google formkey values which are pretty likely to be
> unique.)

Or a script, similar to their 
https://aper.svn.sourceforge.net/svnroot/aper/addresses2spamassassin.pl
which grabs https://aper.svn.sourceforge.net/svnroot/aper/phishing_links
and converts it to SA rules.  Since something (other than an SA plugin) is
going to need to download the file anyway, might as well convert it to
rules in the process.  Shouldn't be too hard, right?  Maybe use \Q\E to
avoid needing to escape everything?

> Oh, somewhat off-topic but in case anyone with clout at Google is
> reading this:  More than a year ago, I recommended to Google that all
> of their user-created forms should display this text:
> 
> "This is a user-created form hosted at Google.  Do not enter sensitive
>  information such as credit card numbers or passwords.  If you are asked
>  to enter such information, please report this form as abusive."
> 
> but Google never got back to me.  It seems to me they're complicit in
> helping phishers...

You think people who will enter sensitive information into a random web
form will even read that warning?  Or be prevented from entering that
information even if they do read it?

Also, it seems like it would be pretty obnoxious for people who constantly
use that stuff legitimately (which I don't).


On 12/04, Eric Krona wrote:
>  -0.5 BAYES_05               BODY: Bayes spam probability is 1 to 5%

Is your bayes data poisoned?  
( http://wiki.apache.org/spamassassin/ImproveAccuracy )

-- 
"I don't want to die... just yet... not while there's... women."
- J. Matthew Root, 8/23/02 (http://www.jmrart.com/)
http://www.ChaosReigns.com


----- End forwarded message -----

-- 
"I offer the modest proposal that our Universe is simply one of those
things which happen from time to time."
- Is the Universe a Vacuum Fluctuation?
http://www.ChaosReigns.com
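
The list-to-rules conversion suggested in the forwarded reply above, sketched as an added example; it is not part of the original post and not the APER project's code. It backslash-escapes each character itself rather than relying on \Q\E, and the function names, the `APER_LINK_` rule prefix, the score, and the one-URL-per-line input format are assumptions.

```python
import hashlib
import re

# Constructed sample, assuming one URL per line with '#' comments; it is
# not a copy of the real phishing_links file.
SAMPLE_LINKS = """\
# constructed entries for illustration
http://forms.example.com/viewform?formkey=dEXAMPLEKEY1&ifq
https://phish.example.net/login.php?id=1#top

http://forms.example.com/viewform?formkey=dEXAMPLEKEY1&ifq
not-a-url
"""

def escape_for_sa(url):
    # Backslash-escape every character outside [A-Za-z0-9_]. This covers regex
    # metacharacters, the '/' pattern delimiter, and '#', which would otherwise
    # start a comment in a SpamAssassin config line.
    return re.sub(r"[^A-Za-z0-9_]", lambda m: "\\" + m.group(0), url)

def links_to_rules(text, score="1.0"):
    """Return SpamAssassin config lines (uri/describe/score) for each URL."""
    rules, seen = [], set()
    for line in text.splitlines():
        url = line.strip()
        if not url or url.startswith("#") or url in seen:
            continue
        # Accept only printable-ASCII http(s) URLs; anything else is skipped
        # rather than written into a rules file.
        if not re.fullmatch(r"https?://[\x21-\x7e]+", url, re.IGNORECASE):
            continue
        seen.add(url)
        # Hypothetical naming scheme: stable per-URL suffix from a SHA-1 prefix.
        name = "APER_LINK_" + hashlib.sha1(url.encode("ascii")).hexdigest()[:8].upper()
        # '^' anchors at the start of the URI; the rule matches as a prefix.
        rules.append(f"uri      {name} /^{escape_for_sa(url)}/")
        rules.append(f"describe {name} URL listed in phishing_links")
        rules.append(f"score    {name} {score}")
    return rules

if __name__ == "__main__":
    print("\n".join(links_to_rules(SAMPLE_LINKS)))
```

Running the generated file through `spamassassin --lint` before deploying it catches any rule that fails to parse.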
