Hello,
We're getting the standard UPS attachment scam. An exe is inside a zip
file.
Mimedefang catches most of these but it misses a few. I decided to track
one of the few through mimedefang and found out why in mimedefang.pl
if Archive::Zip doesn't return an AZ_OK then mimedefang lets the
On Thu, Jan 14, 2010 at 10:54:14AM -0600, Cliff Hayes wrote:
if Archive::Zip doesn't return an AZ_OK then mimedefang lets the attachment
through. From what I could find out, if Archive::Zip doesn't return AZ_OK
then there is a problem with the zip file. I'd rather block defective zip
files
Actually this topic was covered a while back when there were RAR files
masquerading as zip files.
Here's a function I call from filter_bad_filename. I've modified my filter
to handle a return of 1 as a bad file and 2 as a really bad file which
outright blocks the email.
sub
David F. Skoll d...@roaringpenguin.com wrote:
wbr...@e1b.org wrote:
Why shouldn't I find some honey-pot addresses and submit submit them to
subscribe?
Because, IMO, that subverts the purpose of honeypots. A honeypot
is designed as a passive spammer attractor; actively subscribing
someone
Dave,
Tried to send you 2 samples; got this error 550 5.1.1
d...@roaringpenguin.com... User unknown
I checked the valuse of -read() per your request. It is 3 which is
format error in the zip file which is what I expected. Did some further
checking and here are the possible values:
AZ_OK (0)
On Thu, Jan 14, 2010 at 12:14:47PM -0600, Cliff Hayes wrote:
Tried to send you 2 samples; got this error 550 5.1.1
d...@roaringpenguin.com... User unknown
That's odd -- I can't find any delivery attempt in our logs. I did get
your off-list reply telling me that you were about to send the
Reference my last email ... I wasn't very clear.
Here is the original code:
sub re_match_in_zip_directory ($$) {
my($zipname, $regexp) = @_;
unless ($Features{Archive::Zip}) {
md_syslog('err', $MsgID: Attempted to use
re_match_in_zip_directory, but Perl module Archive::Zip is not
On 1/14/2010 10:05 AM, Andrzej Adam Filip wrote:
David F. Skolld...@roaringpenguin.com wrote:
wbr...@e1b.org wrote:
Why shouldn't I find some honey-pot addresses and submit submit them to
subscribe?
Because, IMO, that subverts the purpose of honeypots. A honeypot
is designed as a passive
Kelson wrote on 01/14/2010 02:43:35 PM:
It's not the effect that's at issue, it's the process.
The whole point of a honeypot is that you have a guarantee that no one
has ever requested that mail go to that address, so any mail sent there
is unsolicited by definition.
If you subscribe an
wbr...@e1b.org wrote:
Kelson wrote on 01/14/2010 02:43:35 PM:
It's not the effect that's at issue, it's the process.
The whole point of a honeypot is that you have a guarantee that no one
has ever requested that mail go to that address, so any mail sent there
is unsolicited by definition.
Playing games with spammers is fun. You could always do something like this:
DNS records:
fake.hostname.example.com. IN MX 10 tarbaby.junkemailfilter.com.
MX 20 mail.example.invalid.
MX 30 localhost.
On 1/14/2010 4:12 PM, - wrote:
I had that for a bit where my low priority MX host was routed to self and SBC
(Ameritech)
used to reject any email from as their servers knew the seconday/low-priority
route was bogus.
Poo.
-Ben
--
Ben Kamen - O.D.T., S.P.
12 matches
Mail list logo