[Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Michael Jaworski
We have been using Declude, Sniffer and invURIBL for years now with great success. But yesterday we got bit by a phish attack through SmarterMail. They used SMTP authentication to bypass all the time and money we spent on defenses against the bad guys. The root of the problem: SmarterMail is

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread John T (lists)
Well, might be news to you but Imail has the same problem. There was discussion about this on the Imail list awhile back and IIRC Kevin said it is now on the list of features to be added. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Chris Asaro
Are you using the Declude Hijack functionality? That would have quarantined any unauthorized bulk mail from leaving the system. Chris _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Wednesday, February 07, 2007 11:41 AM To:

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Kevin Bilbee
In the meantime a javascript could be added to the form to validate the password supports your requirements. I have done this with other parts of the interface. Like only allowing forwarding email to the same domain and Removing unwanted report as spam button. Kevin Bilbee From: [EMAIL

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Michael Jaworski
Good point Chris. Not up to this point. We have been pretty lucky up to this date. We are in the process of turning it on as a stop gap against the lack of software password rules. SmarterMail and now it looks like iMail too, need to be part of the solution not the problem. Mike From:

[Declude.JunkMail] OT

2007-02-07 Thread Michael Hoyt
I am finally getting my SPF records up but would like some comments on whether I got it right. I would like to be able to send email from any IP address in my 216.15.92.0/25 network. Currently I have MX records for mail.commarts.com (216.15.92.3) which is the only mail server that receives mail

[Declude.JunkMail] OT: SPF record question

2007-02-07 Thread Michael Hoyt
Sorry for the re-posting but I forgot to add a Subject. I am finally getting my SPF records up but would like some comments on whether I got it right. I would like to be able to send email from any IP address in my 216.15.92.0/25 network. Currently I have MX records for mail.commarts.com

Re: [Declude.JunkMail] OT: SPF record question

2007-02-07 Thread Darin Cox
If your MX and A records are also in the 216.15.92.0/25 network, then you don't need to specify the a and mx parameters, so you could simplify to

No enforcement, other hosts may send mail for the domain
v=spf1 ip4:216.15.92.0/25 ?all

Soft fail if policy violated. Filters may or may not block on

[Declude.JunkMail] dns attacks today

2007-02-07 Thread Nick Hayer
fyi - http://www.darkreading.com/document.asp?doc_id=116685WT.svl=news2_1 -Nick

[Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Howard Smith (N.O.R.A.D.)
Running imail 8.15, sniffer and declude - starting on 2/6/7 my mail server started sending out the stock reports email, even when I stop the imail smtp process, nothing is in the Imail logs indicating problems. I have run full scans with frprot and Symantec. Need help please, I have

RE: [Declude.JunkMail] dns attacks today

2007-02-07 Thread IS - Systems Eng. (Karl Drugge)
Those are not the only DNS attacks... TWC had one as well, I believe. One of their servers was knocked off the net two days ago. I was monitoring my DNS changes at network solutions, waiting for propagation and I kept getting random packet loss on it. Karl Drugge -Original

Re: [Declude.JunkMail] dns attacks today

2007-02-07 Thread Darin Cox
So where's Scott in this picture? And who's Paul Parisi, other than CTO of DNSstuff.com? Is Scott selling DNSstuff and DNSreport as well? Darin. - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, February 07, 2007 5:06 PM

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John T (lists)
Since you are using Declude, start using Hijack NOW! That is for starters. Review the logs to see where the IP is and block that IP. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Wednesday, February 07, 2007

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Justin Moose
I called Howard on this, but for everyone else's info, if you are seeing this, look for ssm.exe to be a running process. I found this on an Imail server that I administer for another company this morning. The file was showing processing time in the task manager and showed up on the Services list

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John Doyle
Howard What version of Declude? Do you have Hijack? If so turn it on. Do your Declude logs show anything? Are you scanning all outgoing mail as well? If you are behind a firewall, (you better be) shut down imail and check the firewall logs for outgoing smtp traffic. Perhaps even disallow

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Craig Edmonds
Also look at black ice server from ISS. Hijack is an excellent tool too. Kindest Regards Craig Edmonds 123 Marbella Internet www.123marbella.net www.marbellaguide.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Thursday, February 08, 2007 12:15 AM

RE: [Declude.JunkMail] Need help - mail server sending out stock reports email - process found ssm

2007-02-07 Thread Howard Smith (N.O.R.A.D.)
Hello All, Justin Moose hit it on the nail, it was a worm process ssm, for info it bypasses imail completely thus it was not in any logs, so declude could not help. We do not know how it got there, but it showed up on 1/28/7 then went dormant until 2/5/7. Please explain how

[Declude.JunkMail] Smarter Mail Changes Update

2007-02-07 Thread Michael Jaworski
Posted By: ST-TUzzanti in SmarterMail Subject: Re: Heads up to all e-mail server and domain admins __ There is a task for a future minor version allowing the system admin to force certain password requirements. This will go beyond length and will allow dictating

RE: [Declude.JunkMail] Need help - mail server sending out stock reports email - process found ssm

2007-02-07 Thread Dave Beckstrom
Our black ice display has been showing: [Suspicious Activity] This signature detects PE/COFF executable files that have been packed using the UPX tool. While the presence of a UPX packed executable does not in itself represent an attack, it can be considered an anomaly. The UPX tool is

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John T (lists)
Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and there are a couple of programs listed as monitors using it, so be careful before just deleting that file. Exactly where was the file? Since Howard is running IMail 8.15 this means that his server has been

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Howard Smith (N.O.R.A.D.)
The file location is C:\WINNT\system32\ssm.exe - 118kb date 02/05/7 2:45 Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com http://www.norad.com/ [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305)

Re: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Matt
Howard, These are always blended threats. You were hacked through another mechanism and through that mechanism this file was placed on your system. There's a 99.9% chance that your server is still hacked and that this program can be placed there again, or might even appear automatically at

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Michael Graveen
SMSS.exe is also a legitimate program in the Windows OS (Session Manager Subsystem ). Mike At 07:57 PM 2/7/2007, you wrote: Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and there are a couple of programs listed as monitors using it, so be careful before just