> Date: Tue, 10 Jan 2006 14:01:32 -0500
> From: "David F. Skoll" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Pre-Emptive Greylist entries
>
> spammer.com. 1d IN TXT "v=spf1 +all"
>
> I own the world! :-)
>
> (Yes, I know SPF implementations can treat such a record with
> From: Jan Pieter Cornet <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] dictionary attacks looking for a valid user
>
> An easier solution might be to have a process tail(1) your logfile and
> take action on the information there. I think I've even seen something
> like that: more than x invalid
> From: Junior Williamson <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Re: Netblock 222
> To: mimedefang@lists.roaringpenguin.com
>
> On Tuesday 11 October 2005 14:57, Sean Ware wrote:
>
>>
>> ... and no more Australia. (Which may not be what you intended.) For a
>> slightly more granular approa
While I can see David squirm when I state this, I just block APNIC at the
kernel through IPTables. The nice thing about IP Tables is that there's
very little overhead, so I'm sure you could likely do that if you were
inclined. Letting Mimedefang site filter based on IP is probably a tad
much CPU f
Far be it from me to interject a complaint here. But perhaps the client
should take into consideration that the person on the other end filling
out the bogus information doesn't WANT to disclose their real information.
Lord knows I've registered several bogus addresses. The best way to stay
off spa
Not to make a statement here, but as I have worked as/with the "feds" for
many years, I think these attacks are a tad prejudiced and ill placed on
this mailing list.
However, in regards to your statements about or against contacting the
"feds" to alert them of this new exploit. The comment made ea
rough an appear to be legitimate (at least on the
side of the server).
No email from my domain either in the plain text name portion or the
actual sender email address should originate outside my domain's SPF
record. Any suggestions for hunting and destroying these emails?
Than
> Date: Thu, 26 May 2005 15:48:23 -0400
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> On Thu, 26 May 2005 15:20:33 -0400, WBrown wrote
>
>> Ummm wouldn't TLS only encrypt the traffic between the two servers
>> involved at the m
> Date: Thu, 26 May 2005 11:26:56 -0400
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> In other words, you are not "penalized" price wise if you are a business
> customer with our company. In fact, it opens up extra options and
> Date: Wed, 25 May 2005 19:44:49 +0200
> From: ADNET Ghislain <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> Can you broaden my vision of things and give some examples where the
> hoster's smtp server and the ISP smtp server is not enough so you wou
> Date: Wed, 25 May 2005 13:37:44 -0400
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> Yes, but in that scenario the "client" is relaying ALL of the mail through the
> ISP's mail server and not doing any direct-to-mta deliveri
> Date: Wed, 25 May 2005 10:50:13 -0400
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> Where are you located at? We charge $5.00/mo for a single static ip which
> would most likely work in your situation (We are in Sprint/Bells
> Date: Wed, 25 May 2005 09:03:31 -0400
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> On Tue, 24 May 2005 14:17:54 -0700, Matthew.van.Eerde wrote
>
>> * blocking a common Internet port used for e-mail when possible;
>>
According to Hormel, the usage of "spam" as a term to identify Unsolicited
Commercial Email (UCE) is ok. However, it should not be confused with the
term "SPAM" which is a registered trademark of the SPAM lunchmeat product
they offer.
Here's a link. http://www.spam.com/ci/ci_in.htm
Always curiou
Ok, when running a domain one must have certain email addresses that are
just unavoidable, perhaps the technical contact email for your DNS
provider? Ones which can be scooped up through email harvesting. While I
know this technique is old, I think I've thought up an idea on how to
combat it.
A l
> Date: Wed, 23 Mar 2005 10:27:26 -0500
> From: "James Ebright" <[EMAIL PROTECTED]>
> Subject: Re: Phish detection (was Re: [Mimedefang] for mcafee lovers)
>
> I agree... unfortunately most of our clients use windoze and most IE and even
> with auto updates it seems many still manage to get spyw
> From: Rob MacGregor <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Anti-virus software
>
> Probably because they've still not hit a 1.0 release yet and it's very
> heavily in development. It'll still work if you don't upgrade, you
> just don't get the new signatures.
>
Um, not that I do this v
Evil Bastigiges! These products are the reason why setting up an open
relay is not only dumb but dangerous and why blind gateways that auto
forward error messages can also be just as dangerous. Finally! The idiots
responsible for filling my firewall logs...
And thank you much for NOT cold-calling
> Date: Thu, 3 Feb 2005 10:31:50 -0800
> From: <[EMAIL PROTECTED]>
> Subject: RE: [Mimedefang] ZDnet article on new Zombie Trick
>
> Why would the ISP do this? To protect themselves from being sued by the
> spam recipients' ISPs.
>
The Laws in the State of IL include exemptions of liability to th
Mimedefang usually puts forth some very specific error messages, and that
doesn't look like one to me. Is it possible you may have another milter
running that does some form of call back like VRFY or EXPN or something of
that nature to validate a sender. The fact the address is coming from
navy.mil
> From: "Kevin A. McGrail" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] MIMEdefang on CPAN? or in RPM form?
>
> Personally, I'm also starting to agree that some elitism is necessary and
> making installation too easy is a bad thing. Having a few hurdles to make
> people install MD sorts out th
> From: "David F. Skoll" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] -x and -X options
> To: mimedefang@lists.roaringpenguin.com
>
> On Thu, 23 Dec 2004, Ian Mitchell wrote:
>
>> Any thoughts on an option to define the address to mask internal
>> a
Ok, having run many many different versions of Mimedefang in the past few
years, I noticed something interesting on the latest version (49) that I
thought was a bit odd. The X-Scanned-by header reports the IP address of
the machine running Mimedefang. I know this isn't new, but it was from the
versi
> Date: Fri, 17 Dec 2004 08:38:59 -0800
> From: Kenneth Porter <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Question on confidentiality statements
>
> Disclaimer:
> By sending an email to ANY of my addresses you are agreeing that:
>
> 1. I am by definition, "the intended recipient"
> 2. Al
> Date: Mon, 13 Dec 2004 08:26:25 -0600
> From: "Chris Myers" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Need help with virus notifications
>
> Take the time to identify whether the message is a mass-mailer that
> falsifies the sender's address. This is simple to do, and it avoids
> attacking
> Date: Wed, 8 Dec 2004 14:21:30 -0500
> From: [EMAIL PROTECTED]
> Subject: [Mimedefang] RBL suggestions
>
> I am looking to start using an RBL. In the past, a colleague did some
> testing of RBLs and got a lot of false positives.
> ---
>
If you would like to test particular addresses that give fal
> From: Ben Kamen <[EMAIL PROTECTED]>
> Subject: [Mimedefang] SpamTraps
> To: [EMAIL PROTECTED]
>
> How many of you out there use spamtraps with spamassassin??
>
> I'm just curious about the feeling of others using them...
>
> -Ben
I was rejecting emails with scores higher than a 5 (very restri
> From: Randy Hammock <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Re: Lycos Screen saver that attacks
> Spammers, Ahmore off topic...
>
> Lycos Screen Saver / Legal Zombies? Just wait until someone figures out
> how to hack all those Lycos zombies out there to perform DDoS's. What
>
> Date: Thu, 02 Dec 2004 14:50:18 -0800
> From: Kenneth Porter <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Lycos Screensaver that attacks Spammers
>
>> Democracy is three wolves and a sheep voting on what to have for dinner.
>> Guess who gets eaten.
>
> I've always loved that quote.
I'm going
> From: [EMAIL PROTECTED]
> Subject: Re: [Mimedefang] Lycos Screensaver that attacks Spammers
>
> [EMAIL PROTECTED] wrote on 12/02/2004 10:31:48
>
> Exactly!
>
> I can just see it now... "He needed DOS'ing" as a valid defense in
> court.
While I concur that vigilantism is never the right answe
> Date: Wed, 1 Dec 2004 11:46:10 -0500 (EST)
> From: "David F. Skoll" <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] Lycos Screensaver that attacks Spammers
>
> This is a very bad idea for a number of reasons:
>
> 1) In a lot of places, people's bandwidth is metered, so this will cost them
>
Nothing saying you can't have something along the lines of
127.0.0.1 RELAY
If no other IP's are listed and you have access_db feature turned on, then
that would make it so that only the MX itself would be able to relay. Now,
one thing I would think that could be potentially ugly is if any
scri
Then I would wonder if something along the lines of SPF (spf.pobox.com)
would work. I know this method was recently criticized for Microsoft's
licensing methods and such forth. And while its adoption or lack thereof
of might not allow it to be fully effective (catching people who spoof
yahoo) if
> Ok, for something like this, a sample function on the FAQ site that
> filters HELO line
>
> How do I integrate this into the filter file ?
I'm not sure that I would. Sendmail has the capability to limit
connections based on where the IP's come from (outside of the HELO which
can be spoofed). You
> From: Mark Penkower <[EMAIL PROTECTED]>
> Subject: [Mimedefang] OFF TOPIC - Need a product to block spyware
> This is off topic, but I suspect that people on this list may have an
> answer.
> I need a product to block spyware, adware and other related crap from
> infecting Windows 2000 PC's.
You're
Here's a good place to check in mass.
http://rbls.org/
> From: Kenneth Porter <[EMAIL PROTECTED]>
> Subject: Re: [Mimedefang] roaringpenguin.com is listed in rfc-ignorant
>
> BTW, does anyone know of an automated piece of code that checks a list of
> dnsbl's like this for one's own domain? It wo
> I have written a quick and dirty checking for corrupt jpeg files in
> mimedefang-filter. It uses program "djpeg", which should be in most
> Linux and Unices distributions, to convert the file to bitmap writing
> in /dev/null. It lets the file in, if it manages to successfully convert
> it, or rej
13 servers which are 486/50dx2's and 13 thousand node Xeon clusters makes
a bit of a difference. It's not the number but the size that counts. ;)
> sc.surbl.org has 13 name servers, just like the root name servers of
> the Internet. You can imagine that if 13 name servers can handle all
> the roo
If you do a little search of the archives from a few years ago, there was
a posting of code for doing "dirty" word searches. I put together a small
snippet of code to include in the filter that would allow you to put
together a text file of regular expressions for known bad words. It worked
pretty
an active exploit in
the wild, however there are no reported worms to date, and it is arguable
that many people using email in *nix would be smart enough not to open png
files coming in from email. But I always err on the side of caution.
Thank you,
Ia