Discuss

discuss@lists.surbl.org

1862 discussions

RE: HELP: RE: [SURBL-Discuss] ZDnet redirector still open.
by Chris Santerre 22 Mar '05

22 Mar '05

Well its been a week since the first report. Emails to the media have begun. --Chris >-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Friday, March 18, 2005 11:27 PM >To: SURBL Discuss >Subject: Re: HELP: RE: [SURBL-Discuss] ZDnet redirector still open. > > >On Friday, March 18, 2005, 8:41:13 AM, Chris Santerre wrote: >>>From: Alex Broens [mailto:surbl@alexb.ch] > >>>Jeff, >>> >>>Could you pls make some extra noise so this hole gets closed. >>> >>>- or do we need to run an international press release? - or >maybe some >>>extra pressure via Slashdot? >>> >>>Alex > >> Maybe their competitors would like to run a story on it :) I >know someone on >> SPAM-L list was trying to get it removed. Lets see what they say. > >Before calling the media, let's give cnet a week to fix it. >If it's not fixed by then, we can bring it up with them >again. > >Jeff C. >-- >"If it appears in hams, then don't list it." > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

RE: REDIRECTOR: chkpt.zdnet.com
by Chris Santerre 21 Mar '05

21 Mar '05

It makes more sense to email him direct. Too bad I can't find he email anywhere! I guess its time to start telling the media about this open redirect. Oh well, we gave them fair amount of time. --Chris >-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Monday, March 21, 2005 11:11 AM >To: discuss(a)lists.surbl.org; users(a)spamassassin.apache.org >Subject: Re: REDIRECTOR: chkpt.zdnet.com > > >(I've sent this to both SA & SURBL) > >There has been much fuss about ZDNet being slow or >unresponsive about fixing >open redirects. > >I have a suggestion. > >Someone ought to post a message on John Dvorak's blog. I did a >search to >find the most recent post on his blog relating to spam to find the best >place to post. > >Therefore, someone please go here and post a message to him to get this >message across: > >http://www.dvorak.org/blog/?p=1437 > >(I'd do it myself but I just got over the flu and I'm severely >behind in my >work. Also, I think that someone with more "pull" than me out >to do this... >someone like Chris or Jeff. Plus, Dvorak will recognize my >name from other >very unrelated topics that I've posted on his blog in the past and I >wouldn't want to confuse issues with him by using my name.) > >Rob McEwen >PowerView Systems > >

2 1

REDIRECTOR: chkpt.zdnet.com
by Alex Broens 21 Mar '05

21 Mar '05

Guys, Does somebody know someone at ZDnet This looks like a new redir. <center> <a href=http://chkpt.zdnet.com/chkpt/wenot/fvguug%2ere%74ai%6c%62%6C%6f%77s.co… target=_blank>CL1CCK HERE TO 0RDER or</a> </center> => http://chkpt.zdnet.com/chkpt/wenot/fvguug.retailblows. com/ Alex

4 5

HELP: RE: [SURBL-Discuss] ZDnet redirector still open.
by Chris Santerre 19 Mar '05

19 Mar '05

>-----Original Message----- >From: Alex Broens [mailto:surbl@alexb.ch] >Sent: Friday, March 18, 2005 9:36 AM >To: SUBL List >Subject: [SURBL-Discuss] ZDnet redirector still open. > > >Jeff, > >Could you pls make some extra noise so this hole gets closed. > >- or do we need to run an international press release? - or maybe some >extra pressure via Slashdot? > >Alex Maybe their competitors would like to run a story on it :) I know someone on SPAM-L list was trying to get it removed. Lets see what they say. I just dismantled an entire rack while everything was live. Boy was that fun! --Chris

3 2

ZDnet redirector still open.
by Alex Broens 18 Mar '05

18 Mar '05

Jeff, Could you pls make some extra noise so this hole gets closed. - or do we need to run an international press release? - or maybe some extra pressure via Slashdot? Alex

1 0

Recall: [SURBL-Discuss] Help for the Windows Guy!
by Jeff Baker 15 Mar '05

15 Mar '05

Jeff Baker would like to recall the message, "[SURBL-Discuss] Help for the Windows Guy!". All outbound email messages have been scanned for viruses and content with the e500 web appliance.

2 1

RE: [SURBL-Discuss] Help for the Windows Guy!
by Jeff Baker 15 Mar '05

15 Mar '05

Message to Kevin A. McGrail My apologies :(: for not getting back with you sooner. Other top-plate projects and out-of-state business, whew! I am very interested on the detailed information you have on implementing your tried-and-true methods for defending spam. I have a project to upgrade our McAfee e500 Webshield and SpamKiller to versions 3.x and it would be great to implement the solutions below. Our e500 sits inside our network, but should it sit in a DMZ and would this prevent receiving emails to invaliduser(a)thepantry.com? I would GREATLY Appreciate any detailed information you can spare! Thank you, Jeff Baker Network Systems Administrator Enterprise Backup Administrator The Pantry, Inc. Sanford, NC @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -----Original Message----- From: discuss-bounces(a)lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Kevin A. McGrail Sent: Wednesday, March 02, 2005 9:32 AM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] Help for the Windows Guy! Jeff: I think others looked at you wanting to run SA on Windows but I'm going to take a different tact since you are already running a linux box. In short, answer the question of how can I protect an exchange server from viruses & spam. First, I think you should look at Can-IT. They just released a "free as in beer" version for companies with less than 50 users. Otherwise the Can-IT Pro is a fabulous product and I always have to give them kudos for also releasing MIMEDefang as Open Source. http://www.roaringpenguin.com/ & http://www.roaringpenguin.com/anti_spam/free_canit.php Second, if you want to get into the nuts & bolts, you should run a linux box and install Sendmail 8.13.3 w/ Greet Pause & Bad Recipient Throttling, poprelayd-kam to blackhold the harvesting sites, then MIMEDefang, a milter written by the same people as CanIt. Have MD call SpamAssassin which implements SURBL. Add ClamAV or McAfee uvscan to the mix and you have great anti-viral features as well. Final step would be to configure LDAP on your linux box so you can "extend" the edge of your network to bounce bad emails ASAP. I've done this many many times and have instructions to help get you started if you want to take this avenue. Regards, KAM ----- Original Message ----- From: "Jeff Baker" <jeff.baker(a)thepantry.com> To: "SURBL Discussion list" <discuss(a)lists.surbl.org> Sent: Wednesday, March 02, 2005 8:42 AM Subject: RE: [SURBL-Discuss] Help for the Windows Guy! > > We use Exchange 2000 on our back-end server which is a Compaq DL380 > w/4gb memory. Currently we use McAfee's Groupshield on this unit. > > I'm not sure on an external call from Ex 2000. What was your experience > with spam before and after implementation of SA? > > -----Original Message----- > From: discuss-bounces(a)lists.surbl.org > [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Fred > Sent: Tuesday, March 01, 2005 5:34 PM > To: SURBL Discussion list > Subject: Re: [SURBL-Discuss] Help for the Windows Guy! > > I am one of the first to have jumped on this wagon, what type of mail > server > are you planning to install this in? Does it provide some way to tie in > an > external program? Each mail server is very different how they handle > this, > we used Vopmail and it provides what's called an "agent" which is a > batch > file you specify to be executed upon arrivial of mail. This works fine > but > you need to know how to program batch files... How you accomplish this > depends on what your mail server allows you to do. > It sure is easier setting up a freebsd box to run only e-mail and not > have > to worry about it for a long time! We haven't touched our mail servers > except to upgrade our clamAV once a year. > > When I ran SA under Win32, I had to keep a close eye on things to make > sure > they didn't blow up and let me assure you THEY WILL! > > Frederic Tarasevicius > Internet Information Services, Inc. > http://www.i-is.com/ > 810-794-4400 > > > Jeff Baker wrote: > > I want to implement SpamAssassin <http://spamassassin.apache.org/> 3 > > but I am just a Windows guy. I use McAfee's Spamkiller 2.7 on their > > e500 (linux) and it's just not doing the job. Someone please step me > > through the process of where and what to place SpamAssassin on. I see > > the wonderful reviews but this Windows guy knows nothing about linux. > > > > > > > > Thank anyone very much!!!! > > > > > > > > Jeff Baker > > > > Network Systems Administrator > > > > The Pantry, Inc. > > > > Sanford, NC 27330 > > > > jeff.baker(a)thepantry.com > > > > > > > > > > > > All outbound email messages have been scanned for viruses and content > > with the e500 web appliance. > > _______________________________________________ > > Discuss mailing list > > Discuss(a)lists.surbl.org > > http://lists.surbl.org/mailman/listinfo/discuss > > _______________________________________________ > Discuss mailing list > Discuss(a)lists.surbl.org > http://lists.surbl.org/mailman/listinfo/discuss > > > This message has been scanned for viruses and content with the e500 web > appliance. > > > > > > All outbound email messages have been scanned for viruses and content with the e500 web appliance. > > > _______________________________________________ > Discuss mailing list > Discuss(a)lists.surbl.org > http://lists.surbl.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss This message has been scanned for viruses and content with the e500 web appliance. All outbound email messages have been scanned for viruses and content with the e500 web appliance.

1 0

Spam Honeypot identification through SURBL
by Matthew Wilson 15 Mar '05

15 Mar '05

Jeff (and list), I'm worried that spammers can use SURBL to identify honeypot email servers by using unique subdomains. A spammer must merely send a unique subdomain URL to every address on their list, and if that unique subdomain is blacklisted in SURBL, they have identified a potential honeypot and will no longer send spam to that address/server. It is therefore my humble opinion that only the second-to-top domain name should be listed in SURBL, and not any of the subdomains. Thoughts? -Matthew Wilson

3 4

RE: [SPAM-TAG] Re: [SURBL-Discuss] A list of spammers urls
by Matthew.van.Eerde＠hbinc.com 15 Mar '05

15 Mar '05

Jeff Chan wrote: > On Friday, March 11, 2005, 2:30:05 PM, Matthew Eerde wrote: >> Jeff Chan wrote: >>> On Friday, March 11, 2005, 4:33:45 AM, Chris Edwards wrote: >>>> I wonder if there'd be much mileage in a SpamAssaassin feature to >>>> award points for any URLs that don't resolve ? >>> >>> In principle it's something that could be done, but the timeouts >>> encountered trying to resolve non-existent domains could make it >>> impractical. > >> Aren't the name resolution attempts done in parallel? > > Even if they are, there needs to be a reasonable timeout on > resolution set, like 10 seconds. That may not seem like a very > long delay, but it can keep open server memory allocations, etc. I see your point. "No such domain" and "no such entry at this domain" responses are very fast, though. Couldn't at least quick negative responses be worth points? Could use a timeout of one or two seconds to save server resources - with a timeout not being worth points at all. Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

2 1

Fw: TKO Notice: Urgent Fraud Investigation
by Kevin A. McGrail 14 Mar '05

14 Mar '05

Is ebay running an open relay now???? See this phish below and look at this url! http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&Doma… Regards, KAM ----- Original Message ----- From: eBay(a)reply3.ebay.com To: kmcgrail(a)peregrinehw.com Sent: Wednesday, February 16, 2005 8:44 PM Subject: TKO Notice: Urgent Fraud Investigation Place or Update Credit Card on File Dear Kmcgrail(a)peregrinehw.com , This is your final warning about the safety of your eBay account. If you do not update your billing informations your access on eBay will be restricted and the user deleted. This might be due to either following reasons: - A recent change in your personal information (i.e. change of address) - Submiting invalid information during the initial sign up process. - An inability to accurately verify your selected option of payment due an internal error within our processors. Your credit card on file with eBay Card number: XXXX-XXXX-XXXX-4322 (Not shown for security purposes) Expiration date: 11/05 Please sign in to your eBay account and update your billing information: https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&UsingSSL=1 If your account information is not updated, your ability to sell or bid on eBay will become restricted. Thank you, eBay Billing Department -------------------------------------------------------------------- eBay treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information. eBay will never ask their users for personal information, such as bank account numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your eBay password and your account, please visit User Account Protection. This eBay notice was sent to you based on your eBay account preferences and in accordance with our Privacy Policy. To change your notification preferences, click here. If you would like to receive this email in text format, click here. Copyright © 2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.

5 5

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss