On 12/9/2012 10:17 AM, Matus UHLAR - fantomas wrote:
On 02.12.12 14:29, Niamh Holding wrote:
Subject: HELO_DYNAMIC_IPADDR2 HELO_DYNAMIC_SPLIT_IP hitting ham
X-Spam-Report:
* 3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious
hostname (IP addr
* 2)
* 3.5
Hello Kevin,
Monday, December 10, 2012, 2:25:06 PM, you wrote:
KAM Can you open a bug please?
Me, or Matus?
--
Best regards,
Niamhmailto:ni...@fullbore.co.uk
pgpvFow5oZY1p.pgp
Description: PGP signature
On Mon, 10 Dec 2012 08:13:35 +1300
Jason Haar wrote:
Hi there
We've been getting hit with waves of MMORPG spam claiming to be Diablo
and Runescape account management emails.
The thing that concerns me is that Yahoo seems to associate the
spammer's initial IP through a Received header
On 12/10/2012 9:37 AM, Niamh Holding wrote:
Hello Kevin,
Monday, December 10, 2012, 2:25:06 PM, you wrote:
KAM Can you open a bug please?
Me, or Matus?
Doesn't matter really. Whomever has the sample?
Hello Kevin,
Monday, December 10, 2012, 2:39:39 PM, you wrote:
KAM Doesn't matter really. Whomever has the sample?
Done and 2 samples attached to the report.
--
Best regards,
Niamhmailto:ni...@fullbore.co.uk
pgpoRWzvixnYZ.pgp
Description: PGP signature
From: John Hardin jhar...@impsec.org
...so what rules *are* they hitting?
Hello John,
I have pasted a recent issue on pastebin: http://pastebin.com/74aAZPw9 ,
score 0.5
Its origin is unfortunately in the US, not Africa.
But if I change
Received: from [173.245.64.9] by
There's a new (to me), overly clever campaign combining Google
Translate with a URL shortener. It's fairly low volume, but most
are sailing thru SA. It's such a goofy pattern it feels like it's
worthy of an Extinction level score. :)
These started yesterday (Dec 9) at around 2am Eastern US
On Mon, 10 Dec 2012 21:34:47 +0100
Frederic De Mees wrote:
From: John Hardin jhar...@impsec.org
...so what rules *are* they hitting?
Hello John,
I have pasted a recent issue on pastebin:
http://pastebin.com/74aAZPw9 , score 0.5
Its origin is unfortunately in the US, not Africa.
On Mon, 10 Dec 2012, Frederic De Mees wrote:
From: John Hardin jhar...@impsec.org
...so what rules *are* they hitting?
Hello John,
I have pasted a recent issue on pastebin: http://pastebin.com/74aAZPw9 ,
score 0.5
Thanks. That is pretty thin to work with...
Its origin is unfortunately
On Mon, 10 Dec 2012, Chip M. wrote:
John H:
I'll send you a couple of raw corpses so you can wave your
RE magic wand. :)
Sanka, but until samples start showing up in the masscheck corpus don't
expect much good from SA...
--
John Hardin KA7OHZ
10 matches
Mail list logo
