I've seen an increase in POP3 dictionary attacks. The cracking daemons are usually running from China.

[]s
Fosforo
--
"The path of the righteous man is beset on all sides by the injustices of the selfish and the tyranny of evil men. Blessed is he who, in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down with great vengeance and furious anger those who attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon you". -Jules (and some guy named Ezekiel)

2010/3/10 Dennis B. Hopp <dh...@coreps.com>:
> We seem to be having a problem where clients that we interact with
> regularly are having their hotmail/gmail/yahoo accounts hijacked. We
> are receiving e-mails from their accounts that legitimately go through
> the correct servers (hotmail, yahoo, etc.) and so they get passed through
> our spam filters. The messages have different bodies but basically say
> the same thing that they were on vacation and had all their money stolen
> so they need to have money wire transferred to them.
>
> Obviously we just have to tell the clients that they need to deal with
> the various e-mail providers, but is there an effective way that I can
> filter these messages out before my users see them without blacklisting
> the address? In one case I had probably 15 users that received the same
> message and naturally they freaked out.
>
> I have put a sample at:
>
> http://pastebin.com/9BDXrxmm
>
> Note I did change the real e-mail address in this message but the
> hotmail address used is valid just masked.
>
> The message doesn't hit any rules of significance on my system.
>
> BAYES_00=-1.9,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,SPF_PASS=-0.001,T_RP_MATCHES_RCVD=-0.01,T_TO_NO_BRKTS_FREEMAIL=0.01
>
> Thanks
>
> --Dennis