Re: [qmailtoaster] squirrelmail spam scam
TM I am reviewing the headers to see where it goes to including the href link. Dave > David Milholen wrote: >> I had a customer send me an email that came to his inbox and it had a >> small paragraph that explained that squirrelmail users needed to upgrade >> to some new package due to some confusion with earlier releases and to >> click here for updates. >> I told him not to click anything and forward as an attachment so I >> could >> review it. When I clicked the link firefox told me the site was a >> phishing site and asked to continue. >> Anyone seen that before? >> TM >> DAVE >> >> > > from the squirrelmail site > > /quote > > *SECURITY: Spam Alert* > /Feb 23, 2009 by Paul Lesniewski/ > The spammer that has been sullying our good name for the past year > continues to send out huge amounts of spam encouraging people to > supposedly upgrade to what they claim is our newest version, 1.4.15. > That is in fact not our newest version, but moreover, they provide a > link in their spam that sends the victim to a login page that looks like > the normal SquirrelMail login page - if you input any credentials on > this page, of course, the spammer takes them and most likely uses them > to send spam from your email account. You can NEVER upgrade SquirrelMail > by simply "logging in" somewhere. The SquirrelMail team NEVER sends out > unsolicited email, especially any that require your personal email > username and password! > > /endquote > > > you should have squirrelmail-toaster-1.4.17-1.3.11 on your server as it > fixes a known security vulnerability. > > from the toaster site: > > *12/11/2008* - Updated Squirrelmail to 1.4.17 to resolve security > vulnerability CVE-2008-2379. > > > so, yeah, there is a 99% probability there is some social engineering > going on there. > > > -- > Regards, > fuzzy > > > - > Managed Qmailtoaster servers are now available >Visit http://qmailtoaster.com/QMTManaged.html to order yours today! > > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > > To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com > For additional commands, e-mail: testing-h...@qmailtoaster.com > > > -- Wireless Etc David Milholen Lead Coordinator Phone:(501)318-1300 Email:dmilho...@wletc.com Web:www.wletc.com - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] squirrelmail spam scam
David Milholen wrote: I had a customer send me an email that came to his inbox and it had a small paragraph that explained that squirrelmail users needed to upgrade to some new package due to some confusion with earlier releases and to click here for updates. I told him not to click anything and forward as an attachment so I could review it. When I clicked the link firefox told me the site was a phishing site and asked to continue. Anyone seen that before? TM DAVE from the squirrelmail site /quote *SECURITY: Spam Alert* /Feb 23, 2009 by Paul Lesniewski/ The spammer that has been sullying our good name for the past year continues to send out huge amounts of spam encouraging people to supposedly upgrade to what they claim is our newest version, 1.4.15. That is in fact not our newest version, but moreover, they provide a link in their spam that sends the victim to a login page that looks like the normal SquirrelMail login page - if you input any credentials on this page, of course, the spammer takes them and most likely uses them to send spam from your email account. You can NEVER upgrade SquirrelMail by simply "logging in" somewhere. The SquirrelMail team NEVER sends out unsolicited email, especially any that require your personal email username and password! /endquote you should have squirrelmail-toaster-1.4.17-1.3.11 on your server as it fixes a known security vulnerability. from the toaster site: *12/11/2008* - Updated Squirrelmail to 1.4.17 to resolve security vulnerability CVE-2008-2379. so, yeah, there is a 99% probability there is some social engineering going on there. -- Regards, fuzzy - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
[qmailtoaster] squirrelmail spam scam
I had a customer send me an email that came to his inbox and it had a small paragraph that explained that squirrelmail users needed to upgrade to some new package due to some confusion with earlier releases and to click here for updates. I told him not to click anything and forward as an attachment so I could review it. When I clicked the link firefox told me the site was a phishing site and asked to continue. Anyone seen that before? TM DAVE -- Wireless Etc David Milholen Lead Coordinator Phone:(501)318-1300 Email:dmilho...@wletc.com Web:www.wletc.com - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] eMPF patch for 1.3.16
A.M. I have installed your patch for empf using empf.sh. It is currently running fine. However, when I installed the rpm's with rpm -Uvh --replacefiles --replacepkgs qmail-toaster*.rpm qmail-pop3d*.rpm I got the same warning as I got with my patch. warning: package qmail-pop3d-toaster = 1.03-1.3.15 was already added, replacing with qmail-pop3d-toaster <= 1.03-1.3.16 Why? What does this mean? Should we be concerned with this warnings? Dave A M wrote: Hi all, Here follows the patch with some changes and with a simple aply-me script (empf.sh). Test in a non production server first, but if it builds it should work just fine. - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com