Discuss

discuss@lists.surbl.org

1 participants
1867 discussions

Re: [SPAM-TAG] SURBL missing this spam
by David B Funk 05 Mar '05

05 Mar '05

On Fri, 4 Mar 2005, Jeff Chan wrote: > On Friday, March 4, 2005, 5:12:28 PM, Theo Dinter wrote: > > On Fri, Mar 04, 2005 at 05:10:42PM -0800, Jeff Chan wrote: > >> The URI is a little unusual, with a missing port number after the > >> colon: > >> > >> http://crazyrxl0wprices-MUNGED.com:/ > >> > >> Maybe that syntax is throwing off SA? > > > Yeah, it does look like a bug somewhere in 3.0.x. 3.1 catches it fine, > > fwiw. > > > 3.0: > > debug: URIDNSBL: domains to query: > > > 3.1: > > debug: uridnsbl: domains to query: crazyrxl0wprices.com > > Thanks Theo, > Given that it's apparently fixed in 3.1 should we make a > bugzilla? Might it be worth reviewing that the expression or > code was specifically fixed to explain this (better) behavior? > Or would that be unnecessary? For those still running SA 2.6* + SpamCopURI-0.22 The following ONE character patch fixes this bug: *** SpamCopURI.pm-orig Thu Aug 5 14:58:59 2004 --- SpamCopURI.pm Fri Mar 4 21:22:37 2005 *************** *** 276,282 **** # URI doesn't always put the port in the right place # so we strip it off here ! $url{host} =~ s/:[0-9]+$// if $url{host}; # Cleanup for urls that come in with a dot in the front --- 276,282 ---- # URI doesn't always put the port in the right place # so we strip it off here ! $url{host} =~ s/:[0-9]*$// if $url{host}; # Cleanup for urls that come in with a dot in the front (IE just change that '+' to a '*' ;) -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{

1 0

Re: [SPAM-TAG] SURBL missing this spam
by Bill Landry 05 Mar '05

05 Mar '05

----- Original Message ----- From: "Jeff Chan" <jeffc(a)surbl.org> > On Friday, March 4, 2005, 3:47:04 PM, martin smith wrote: > > I must have received this spam 12 times or more in the last 24 hours and > > even though its listed on the SURBL, spamassassin fails to match it against > > them. > > When I submit the spams to spamcop it parses the url everytime. > > SURBL seems to work on all other spams, just wondering if they have found a > > way to avoid spamassassin catching the URL. > > > Martin > > The URI is a little unusual, with a missing port number after the > colon: > > http://crazyrxl0wprices-MUNGED.com:/ > > Maybe that syntax is throwing off SA? Ah, good catch, I hadn't even noticed the trailing ":". Bill

1 0

Re: SURBL missing this spam
by Bill Landry 05 Mar '05

05 Mar '05

----- Original Message ----- From: "Bill Landry" <billl(a)pointshare.com> > > I must have received this spam 12 times or more in the last 24 hours and > > even though its listed on the SURBL, spamassassin fails to match it > against > > them. > > When I submit the spams to spamcop it parses the url everytime. > > SURBL seems to work on all other spams, just wondering if they have found > a > > way to avoid spamassassin catching the URL. > > > > Martin > > Hmmm, that does seem strange. Didn't get caught here, either. However: > > crazyrxl0wprices.com.multi.surbl.org. 2100 IN A 127.0.0.114 > > So http://crazyrxl0wprices.com is listed on several of the SURBL multi > lists. Let's see if this message gets flagged or not... Yep, caught by all SURBL multi lists that compound to equal 127.0.0.114: URIBL_AB_SURBL, URIBL_JP_SURBL, URIBL_OB_SURBL, URIBL_SC_SURBL Don't know why the domain was not flagged on the message you forwarded to the SA list, it clearly showed up in the message source file. Bill

1 0

RE: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trus t and Safety Department (KMM157050156V37604L0KM)
by Chris Santerre 05 Mar '05

05 Mar '05

> >And their abuse doesnt even respond, so perhaps someone with clue is >reading along ;) > I've had it with this kind of stupidity. Ebay allowing open redirs is simply retarded. I emailed the whole silly story to <thescreensavers(a)g4tv.com> with a quick explanation. Lets see if ebay and Cnet respond when the media gets involved. --Chris

4 3

Redir checking... Was: a too-long thread title
by Matthew Wilson 04 Mar '05

04 Mar '05

> Oh, which [begs] the question: Matthew did you mean on the > application side for checking live messages, or on the data > side, where we build the lists? I was referring to the application side, but I can see how it could also be done on the data side. -Matthew

1 0

RE: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trus tand Safety Department (KMM157050156V37604L0KM)
by Chris Santerre 04 Mar '05

04 Mar '05

> >Isn't there a way for SURBL to detect these encoded redirect >destination >URLs and check those (without the prepended redirector)? > umm.....sort of. We have some beta research tools that do that, but nothing in the live code. --Chris

2 1

RE: [SURBL-Discuss] Re: SP91011 your recent report to eBay's Trustand Safety Department (KMM157050156V37604L0KM)
by Matthew Wilson 04 Mar '05

04 Mar '05

Isn't there a way for SURBL to detect these encoded redirect destination URLs and check those (without the prepended redirector)?

2 1

Re: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM)
by Kevin A. McGrail 04 Mar '05

04 Mar '05

Dear eBay: Wow, your form letter has changed my mind. Your security is perfect. Your commitment to security is stellar. Running an open redirector is a great idea. Sorry I didn't see the light earlier. However, on a new topic, I was shocked and dismayed that eBay is allowing and assumingly SUPPORTING pornography to be distributed through your website. Does this include child pornography or is that only in Europe and places where the age of consent for pornography is under 18? Please advise based on the following link from eBay --WARNING: The following pages contains naked photos: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&Doma… What is the meaning of this? eBay is facilitating porn now? OK, now that I have your attention maybe this extreme last resort will ACTUALLY get you to forward this to someone at your company with an understanding of phishing and security that is slightly higher than the Trust and Safety department? If not, I give up and wish you well in your support of the child pornography industry that your company is facilitating by turning a blind eye to glaring security issues. Sincerely, Kevin A. McGrail ----- Original Message ----- From: "eBay Customer Support" <rswebhelp(a)ebay.com> To: "Kevin A. McGrail" <kmcgrail(a)pccc.com> Sent: Saturday, February 26, 2005 12:06 PM Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM157050156V37604L0KM) > Hello, > > Thank you for writing back. > > I truly apologize if you felt we were not concerned about the email you > received. We are aware of the potential for fraud that these emails > pose. > > Let me assure you that we do work actively and aggressively in > partnership with many agencies, ISP's, and law enforcement groups to > investigate these fraudulent entities. Please keep in mind that eBay is > a public company and not associated with any legislative or police > entity. We rely on the same agencies you do to pursue these fraudulent > activities. We are very much concerned about our member's safety, but we > cannot control the actions of those intent on committing fraud. > > If you have already received a spoofed email once, your email address > has already been harvested. Sadly, you may continue to receive spoofed > emails for some time as these groups migrate from ISP to ISP setting up > fraudulent sites or sending fraudulent emails. > > We advise you to be very cautious of all email messages that ask you to > submit information such as your credit card number or your email > password. eBay (and most other Internet companies) will never ask you > for sensitive personal information such as passwords, bank account or > credit card numbers, Personal Identification Numbers (PINs), or Social > Security numbers in an email. If you ever need to provide information to > eBay please open a new Web browser, type www.ebay.com, and click on the > "site map" link located at the top the page to access the eBay page you > need. > > To keep your eBay experience safe, we have set up a new tutorial about > Spoof Emails to educate our members spotting a fake email. To check it > out, please click on the help link located at the top of all eBay page. > Once the help window appears, click on the link to eBay's Security > Center. From the Security Center you will find a variety of safety > related links. On the right hand side you will see a link to "Protect > yourself from spoof emails". > > Help > Security Center > Protect yourself from spoof emails > > Once again, thank you for alerting us to the spoof email you received. > Your vigilance helps us ensure that eBay remains a safe and vibrant > online marketplace. > > > Regards, > > Marcel > eBay SafeHarbor > Investigations Team > ______________________________ > eBay Inc. > The World's Online Marketplace® > ******************************************* > > Important: eBay will not ask you for sensitive personal information > (such as your password, credit card and bank account numbers, Social > Security numbers, etc.) in an email. Learn more account protection tips > at: > > http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html > > _____________________________________________ > > For our latest announcements, please check: > > http://www2.ebay.com/aw/announce.shtml > _____________________________________________ > > In order to better serve you, we'd occasionally like to > request feedback on our service. If you would rather > not participate, please click on the link below and send > us an email with the word "REMOVE" in the subject line. > If that does not work, please send an email to the > email address below. Your request will be processed > within 5 days. > > mailto:cssremove@ebay.com > > ******************************************* >

8 22

RE: [SURBL-Discuss] Help for the Windows Guy!
by Jeff Baker 03 Mar '05

03 Mar '05

We use Exchange 2000 on our back-end server which is a Compaq DL380 w/4gb memory. Currently we use McAfee's Groupshield on this unit. I'm not sure on an external call from Ex 2000. What was your experience with spam before and after implementation of SA? -----Original Message----- From: discuss-bounces(a)lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Fred Sent: Tuesday, March 01, 2005 5:34 PM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] Help for the Windows Guy! I am one of the first to have jumped on this wagon, what type of mail server are you planning to install this in? Does it provide some way to tie in an external program? Each mail server is very different how they handle this, we used Vopmail and it provides what's called an "agent" which is a batch file you specify to be executed upon arrivial of mail. This works fine but you need to know how to program batch files... How you accomplish this depends on what your mail server allows you to do. It sure is easier setting up a freebsd box to run only e-mail and not have to worry about it for a long time! We haven't touched our mail servers except to upgrade our clamAV once a year. When I ran SA under Win32, I had to keep a close eye on things to make sure they didn't blow up and let me assure you THEY WILL! Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 Jeff Baker wrote: > I want to implement SpamAssassin <http://spamassassin.apache.org/> 3 > but I am just a Windows guy. I use McAfee's Spamkiller 2.7 on their > e500 (linux) and it's just not doing the job. Someone please step me > through the process of where and what to place SpamAssassin on. I see > the wonderful reviews but this Windows guy knows nothing about linux. > > > > Thank anyone very much!!!! > > > > Jeff Baker > > Network Systems Administrator > > The Pantry, Inc. > > Sanford, NC 27330 > > jeff.baker(a)thepantry.com > > > > > > All outbound email messages have been scanned for viruses and content > with the e500 web appliance. > _______________________________________________ > Discuss mailing list > Discuss(a)lists.surbl.org > http://lists.surbl.org/mailman/listinfo/discuss _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss This message has been scanned for viruses and content with the e500 web appliance. All outbound email messages have been scanned for viruses and content with the e500 web appliance.

4 3

Help for the Windows Guy!
by Jeff Baker 02 Mar '05

02 Mar '05

I want to implement SpamAssassin <http://spamassassin.apache.org/> 3 but I am just a Windows guy. I use McAfee's Spamkiller 2.7 on their e500 (linux) and it's just not doing the job. Someone please step me through the process of where and what to place SpamAssassin on. I see the wonderful reviews but this Windows guy knows nothing about linux. Thank anyone very much!!!! Jeff Baker Network Systems Administrator The Pantry, Inc. Sanford, NC 27330 jeff.baker(a)thepantry.com All outbound email messages have been scanned for viruses and content with the e500 web appliance.

5 4

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss