Discuss

discuss@lists.surbl.org

1867 discussions

RE: [SURBL-Discuss] Help for the Windows Guy!
by Joe Zitnik 02 Mar '05

02 Mar '05

Jeff, We use a product called Guinevere that has SA integration against GroupWise. The person who developed the app has written a how to on SA on Win32. I cna't promise anything, but maybe the attached link will help. http://www.openhandhome.com/howtosa300.html >>> jeff.baker(a)thepantry.com 03/02 8:42 AM >>> We use Exchange 2000 on our back-end server which is a Compaq DL380 w/4gb memory. Currently we use McAfee's Groupshield on this unit. I'm not sure on an external call from Ex 2000. What was your experience with spam before and after implementation of SA? -----Original Message----- From: discuss-bounces(a)lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Fred Sent: Tuesday, March 01, 2005 5:34 PM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] Help for the Windows Guy! I am one of the first to have jumped on this wagon, what type of mail server are you planning to install this in? Does it provide some way to tie in an external program? Each mail server is very different how they handle this, we used Vopmail and it provides what's called an "agent" which is a batch file you specify to be executed upon arrivial of mail. This works fine but you need to know how to program batch files... How you accomplish this depends on what your mail server allows you to do. It sure is easier setting up a freebsd box to run only e-mail and not have to worry about it for a long time! We haven't touched our mail servers except to upgrade our clamAV once a year. When I ran SA under Win32, I had to keep a close eye on things to make sure they didn't blow up and let me assure you THEY WILL! Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 Jeff Baker wrote: > I want to implement SpamAssassin <http://spamassassin.apache.org/> 3 > but I am just a Windows guy. I use McAfee's Spamkiller 2.7 on their > e500 (linux) and it's just not doing the job. Someone please step me > through the process of where and what to place SpamAssassin on. I see > the wonderful reviews but this Windows guy knows nothing about linux. > > > > Thank anyone very much!!!! > > > > Jeff Baker > > Network Systems Administrator > > The Pantry, Inc. > > Sanford, NC 27330 > > jeff.baker(a)thepantry.com > > > > > > All outbound email messages have been scanned for viruses and content > with the e500 web appliance. > _______________________________________________ > Discuss mailing list > Discuss(a)lists.surbl.org > http://lists.surbl.org/mailman/listinfo/discuss _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss This message has been scanned for viruses and content with the e500 web appliance. All outbound email messages have been scanned for viruses and content with the e500 web appliance. _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

1 0

Phishing reporting addresses
by Jeff Chan 02 Mar '05

02 Mar '05

Here are some addresses to report phishing to: postmaster@corp.mailsecurity.net.au,reportphishing@antiphishing.org, spam@uce.gov,spam@mailpolice.com,scams@fraudwatchinternational.com The mailsecurity and mailpolice ones feed into ph.surbl.org. Hopefully some of the other ones may also eventually. Cheers, Jeff C. -- "If it appears in hams, then don't list it."

1 0

RE: [SURBL-Discuss] Fw: Account Verification
by Chris Santerre 21 Feb '05

21 Feb '05

Let me know and we could forward Kevin's post to the SPAM-L list. That would create some preasure ;) --Chris (Top posting because of my stupid MUA!!!) > Thanks Kevin, > I'm asking around if anyone has contacts at eBay. I've heard back from some folks at eBay that they're now working on this issue. Jeff C.

1 0

linkshield(dot)com ?
by RD 21 Feb '05

21 Feb '05

Hello SURBL Team, Please review linkshield(dot)com. It's a URL cloaking service but no abuse policy, etc. It may have legit uses but their service may actually benefits spammers. Just wanted to get everyone's opinion :-) -RD

3 4

Blind CC's
by Doc Schneider 21 Feb '05

21 Feb '05

I'm asking here because I know some of you probably can figure this one out. My Wife owns raogk.org (Random Acts Of Genealogical Kindness) and has a person who is having e-mail issues. A bit of background. I designed the full backend of this site which once you figure out the country,state,county of where you're wanting information you click on the volunteers name and a form pops up which allows you to enter your name/e-mail and what you want this person to lookup. And once it is sent it sends you a BCC of what you asked. Anyway, this one person is using MSN. And is not getting his BCC's we've had him do a complete search through his Outlook Express for the subject of these. Nada. And we've had no complaints from anyone else using MSN, so doubt it is the issue. Could this person be running something like an e-mail filter which is eatting his BCCs? Any of you heard of this? We're not sure what is running on this persons computer, so unknown if or what could be causing this. I'm out of ideas. We have the headers from some test messages we had this person do. Funny thing is they're getting all the other @raogk.org e-mail. Please include the raogk-admin(a)raogk.org address if you reply. Thanks, -Doc

2 1

Fw: Account Verification
by Kevin A. McGrail 21 Feb '05

21 Feb '05

This is a follow-up to my initial discovery that eBay has it's own redirector and this redirector was now showing up in Phishing scams. Despite my adamant, fervent & rabid inquiries, eBay has done nothing. With the rise of the use of the redirector on eBay and this more obscure url now being used, I believe even more phish-aware users would be caught: http://cgi4-munged.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDoma… Anyone who knows anyone at eBay that understands security should email them and tell them to turn this redirector OFF. In the meantime, here's an SA Rule to help catch it which I would appreciate feedback about: # This rule is to mark emails using the exploit of the eBay redirector uri KAM_EBAYREDIR /.*.ebay.com.*RedirectToDomain/i describe KAM_EBAYREDIR Attempted use of eBay redirector - high probability of fraud score KAM_EBAYREDIR 7.0 More posted at: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf Regards, KAM

2 2

RE: [SURBL-Discuss] Is something wrong with SURBL-checker?
by Chris Santerre 18 Feb '05

18 Feb '05

> >Jeff Chan wrote: > >> I'm not getting matches either. Let's ask Dallas to please look >> into it for us. > >Alright! I noticed spam got hits from SURBL-lists anyway (as >you pointed >out in your other message). > >I'll wait report my spam-mails until the problems are solved. > I sent the Ninja in charge an email. We recently did an update that may have messed up the public one. --Chris

2 1

RE: [SURBL-Discuss] Fw: TKO Notice: Urgent Fraud Investigation
by Matthew.van.Eerde＠hbinc.com 17 Feb '05

17 Feb '05

Rob McEwen wrote: >> http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&Doma >> inUrl=http://mymt.co.kr/.cgi-bin/eBaySuspension/signin.ebay.com/aw->cgi/sec > ure/eBayISAPI.dllSignIn-ssPageName->hhsin.php?MfcISAPICommand=SignInFPP&Usin > gSSL=1&email= > >> Erm, it's called a redirector. Did you try the >> URL? ebay's site redirects >> to the URL in the DomainURL parameter. > > Whatever you call it, it's bad news for any parser which might not > grab and extract the referenced URL for SURBL checking. > > Also, this leads to additional questions: > > (1) Are there legitimate "business purposes" for ebay to have such a > redirector in the first place? To a certain limited extent, yes > (2) If so, are there legitimate reasons for such a redirector to EVER > show up in legitimate e-mails? To that extent, yes > (3) If not, does anyone know of a "clearinghouse" page where ALL such > types of redirectors are listed so that rules could be built to block > e-mails containing these (using rules-based blocking)? Also, are > there already SA rules for such? > > Rob McEwen eBay should certainly realize that they are imparting a degree of authority to URLs that are redirected in this manner. They may even be liable for damages. Best practices probably dictate that they keep a list of URLs that are legitimate redirection destinations, and limit redirection to those URLs - on attempts to feed the redirector any other URL, they should pop up big ugly error messages saying "someone's trying to phish you (or maybe we forgot to update our list)" Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

1 0

Is something wrong with SURBL-checker?
by Martin 15 Feb '05

15 Feb '05

Hi, Is there something wrong with the SURBL-checker at http://www.rulesemporium.com/cgi-bin/uribl.cgi ? I get no matches of any domains i'm testing. Even with spam-domains that hits the multi-list isn't listed as blocked. Is this problem related to the "FP-rate" thread? / Martin

2 3

RE: [SURBL-Discuss] FP rate?
by Chris Santerre 14 Feb '05

14 Feb '05

>-----Original Message----- >From: Fred [mailto:tech2@i-is.com] >Sent: Monday, February 14, 2005 1:26 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] FP rate? > > >Chris Santerre wrote: >> Can we trust the FP rate with the current bug in SA? > >Not taking sides but it might be a bug in Net::DNS, the SA >devs have not >exactly tied down what was causing this issue. There was talk >of re-write >in the way they use Net::DNS to possibly fix this issue but >I'm pretty sure >this was not SA specific. > >http://bugzilla.spamassassin.org/show_bug.cgi?id=3997 > Oh I agree. I don't know what is causing it, but I know it must be throwing off the reported FP rate. Although proably for all the URIRBLs. I'd love to get a monthly report from DQ on his rates. But I know he is busy. --Chris

4 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss