I've been seeing a lot of emails with a randomly generated from at
hotmail with subjects like:
¡yªL¦w®R¡z¦b¿?«?oÄ?AºCºC²?ú¦OA
¡À~QQ®õ°?kf¥þ»r!¥|¯Uº¡I¡I
@[EMAIL PROTECTED]
¬?¦?C¶]¸ô¤H³òÆ[
¬ü¬üªº¤W?ð¡A¯u·Q¤W¦o
Are there any rules out there to help pick up emails such as these?
Thanks
Chris
---
Looking though our held folder in Spam Review I see a lot more domains with
$domain in the from e-mail address. i.e. [EMAIL PROTECTED]
I assume this is a problem with the spamming software these people are using.
A test for this (and possibly other non-standard characters) in the 'From' field
- Original Message -
From: Chris Ulrich [EMAIL PROTECTED]
I've been seeing a lot of emails with a randomly generated from at
hotmail with subjects like:
¡yªL¦w®R¡z¦b¿?«?oÄ?AºCºC²?ú¦OA
¡À~QQ®õ°?kf¥þ»r!¥|¯Uº¡I¡I
@[EMAIL PROTECTED]
¬?¦?C¶]¸ô¤H³òÆ[
¬ü¬üªº¤W?ð¡A¯u·Q¤W¦o
Are there
Thanks. I'll give it a try
At 12:42 PM 9/7/2004, you wrote:
- Original Message -
From: Chris Ulrich [EMAIL PROTECTED]
I've been seeing a lot of emails with a randomly generated from at
hotmail with subjects like:
¡yªL¦w®R¡z¦b¿?«?oÄ?AºCºC²?ú¦OA
¡À~QQ®õ°?kf¥þ»r!¥|¯Uº¡I¡I
@[EMAIL
I noted today in the release notes for IMail 8.13 that they have finally
decided to allow their Web server (for Web mail) to only bind to a
single IP by way of a registry tweak. I would imagine that this means
that it can finally be installed on port 80 on the same box as IIS or
something
Title: IIS Worm
Weve spent the morning battling a worm. Heres the news:
Its designed to exploit a vulnerability in Microsoft IIS (we use it for delivery) that is so new it doesnt yet have a name. Its not yet in wide circulation, we just push so much mail weve seen it already. MS doesnt yet
Ok Bill...
I know I am a day late and a dollar short.. but what would be the syntax to
enter these in?
Bennie
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, August
Try this:
Replace the 4 and the 1 in the 5th column with your desired weight.
The black looks pretty good 99.6% of what it detects is spam
The suspicious is about 90% of what it detects is spam
The white wasn't worth using using for me. Too much spam detected as not-spam.
SENDERDB-BLACK ip4r
Title: Message
My
surbl setup has been running fine up till 1:00 am this
morning
my
setup is:
SURBL filter
d:\IMail\Declude\surbl\surbl.txt x
200
In the
log file I now get:
Tue
09/07/2004 5:15p Update failed [conversion error]
Nothing has changed in my setup and the log file has
It's working ok here just tried 2 minutes ago:
Tue 09/07/2004 4:41p Update successful [983 entries]
If it was a one time only thing, maybe you caught a bad download or there was
something bad in the zone.
A conversion error implies something wrong here:
rem --- Convert line breaks from LF to
Knock on wood, we have never had issues with hacks or worms due to our
customized install. I would strongly recommend that everyone use the
IIS Lockdown Tool which stops most exploits even if they are unpatched:
Following is my surbl settings, can you see anything wrong there?:
rem --- Settings (see explanation above): ---
set v_path=D:\IMail\Declude\SURBL
set v_limit=3000
set v_maxweight=20
set v_skipweight=20
set v_url=http://www.surbl.org/sc.surbl.org.rbldns
set v_exclude=test.surbl.org
12 matches
Mail list logo