Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Bill Cole
On 13 Apr 2018, at 6:36 (-0400), Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit:

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
On 13/04/18 11:36, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "https://myturbotax.intuit.com;

Re: Please add these blocks

2018-04-13 Thread David Gibbs
On 4/13/2018 8:40 AM, David Jones wrote: P.S. I would love to help with any RBL/URIBLs with honeypot/spamtrap accounts if anyone would like to contact me off list. I have a few domains that I will _never_ receive email on ... I would like to contribute too. david -- IBM i on Power

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
On 13/04/18 16:39, John Hardin wrote: On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: But when it hits, it still adds 2.0 to the score (and I haven't customized the

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread John Hardin
On Fri, 13 Apr 2018, Sebastian Arcus wrote: On 13/04/18 11:36, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD

app.userengage exploit and apple/itunes phish

2018-04-13 Thread Alex
Hi, this appears to be some phish using the app.userengage.com service that is still not detected by clam or any URIBL https://pastebin.com/raw/3gaVEJSK It leads to some redirect that's marked as "deceptive" by chrome, but app.userengage.com is a legitimate site, so not sure what's going on with

URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Sebastian Arcus
Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "https://myturbotax.intuit.com; On a slightly different note, and mainly for my curiosity to understand SA rules

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread Giovanni Bechis
On 04/13/18 09:06, Sebastian Arcus wrote: > Hello all. I am getting some fp's with emails from QuickBooks / Intuit with > the above rule: > > Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got > hit: "https://myturbotax.intuit.com; > > On a slightly different note, and

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread John Hardin
On Fri, 13 Apr 2018, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got hit: "https://myturbotax.intuit.com;

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread John Hardin
On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: Hello all. I am getting some fp's with emails from QuickBooks / Intuit with the above rule: Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==>

Re: URI_TRY_3LD fp's with QuickBooks Intuit emails

2018-04-13 Thread John Hardin
On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, John Hardin wrote: On Fri, 13 Apr 2018, Giovanni Bechis wrote: On 04/13/18 09:06, Sebastian Arcus wrote: But when it hits, it still adds 2.0 to the score (and I haven't customized the score anywhere else). Is this a special

Please add these blocks

2018-04-13 Thread David Jones
Calling all RBL/URIBL operators on this list, please block these: https://pastebin.com/gGkK2gMq https://pastebin.com/L7gygRn7 https://pastebin.com/ukaQ1pps https://pastebin.com/DBiUT6k3 https://pastebin.com/Hcm6mLzx I receive a ton of these daily and they aren't listed on anyone's

Re: Please add these blocks

2018-04-13 Thread Kevin A. McGrail
Done for PCCC's wild list. -- Kevin A. McGrail Asst. Treasurer & VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Fri, Apr 13, 2018 at 9:40 AM, David Jones wrote: > Calling all RBL/URIBL