Incidents
Massive SPAM Increase Oct 06 2006 11:02PM
Alex (incidents alex gotdns org) (2 replies)
Re: Massive SPAM Increase Oct 09 2006 05:01AM
jim barchuk (jb jbarchuk com) (1 replies)
Re: Massive SPAM Increase Oct 09 2006 11:00PM
Graeme Fowler (G E Fowler lboro ac uk)
Re: Massive SPAM Increase Oct 08 2006 09:30PM
Kurt Seifried (bt seifried org) (1 replies)
Re: Massive SPAM Increase {-2.6} Oct 09 2006 01:15AM
Vini Engel (vini fugspbr org) (1 replies)
Re: Massive SPAM Increase {-2.6} Oct 09 2006 04:06AM
Kurt Seifried (bt seifried org) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 05:06AM
Vini Engel (vini fugspbr org) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 06:33PM
Paul Schmehl (pauls utdallas edu) (3 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 02:46AM
Valdis Kletnieks vt edu (1 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 03:52AM
Paul Schmehl (pauls utdallas edu) (3 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:20AM
Jamie Riden (jamesr europe com)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:04PM
benfell raven cybernude org (2 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:38PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:44AM
gabriel rosenkoetter (gr eclipsed net)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:29PM
Valdis Kletnieks vt edu
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 05:44AM
Valdis Kletnieks vt edu (1 replies)
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 05:17PM
Paul Schmehl (pauls utdallas edu) (2 replies)
--On October 14, 2006 1:44:04 AM -0400 Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:

> On Fri, 13 Oct 2006 22:52:12 CDT, you said:
>
>> I'm not sure what you mean by "split inbound and outbound", but any
>> outbound MX host *should* be listed in DNS.
>
> Tell you what. Explain what an *OUTBOUND* MX is, and I'll see what I
> can do.
>
> The machine in question is *NOT* listed as an MX, because it is *NOT* a
> machine that should be accepting *inbound* mail for the domain. Its
> purpose in life is to send mail to off-campus sites.
>
It appears that what you're missing is that this one "flaw" is not enough
to get mail rejected by policyd-weight. Policyd-weight, much like SA,
works on cumulative scoring. One "bad" thing isn't going to get your mail
rejected. But, in general, spam, viruses, phishing scams, et. al. will
not only not be listed as an MX in DNS, they also won't reverse. They
also forge the domain. They also lie about the sender domain. They also
come from dialups or from known "spammy" servers. So, the *cumulative*
effect is that the mail gets rejected.

One "flaw" such as a missing MX record is not going to cause a problem.

Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
0?ñ *?H?÷
 ?â0?Þ1 0 +0  *?H?÷
 ? Þ0?÷0?` =ÏóD¦4°k>-@N_zS0
 *?H?÷
0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0
060830000000Z
070830235959Z0ô1'0%U
The University of Texas System1-0+U $The University of Texas at Dallas CA1F0DU =www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)9910U Mail Stop - UTD10U Paul Schmehl1!0 *?H?÷
 pauls (at) utdallas (dot) edu0 [email concealed]?"0
 *?H?÷
?0?
??\õ"&Y%¥ÊKe?E?$ÚÑ
,`?SÈ@roÞ?¶*qªp|!ZÛï*Õ¿UG'æ¿AIºDÅén©ýj?:K-?·Õõ!§uE?×BØh'{
Ó
¸¾õÓÓNðÂ?¼qS ¨Ã??UNkQ]¾öU??ÏòêYÚ"óÖå«bÙ×âüä/?jµÛ??µwd7ÄöõSÆ$¬còxýäå©??r;û|5
7³®÷é®4búÊå8À¿«8?¸}K6ÑØÒ?4p ìï?ø8ϳ?mHàðÑ?Çäüë5!£hÖ·9?)léú7£? 0?0 U00U0pauls (at) utdallas (dot) edu0 [email concealed]?$U ?0?0? `?H?øE0?0++https://www.verisign.com/rpa-
kr0Ò+0ÅÂNOTICE: Private key may be recovered by VeriSign's customer who may be able to decrypt messages you send to certificate holder. Use is subject to terms at https://www.verisign.com/rpa-kr (c)99.0 `?H?øB?0uUn0l0j h f?dhttp://onsitecrl.verisign.com/TheUnive
rsityofTexasSystemTheUniversityofTexasatDallasCA/LatestCRL.crl0 U
?0U%0++0
 *?H?÷
iË?ØáÀ¥Ëv½s??ärbµác9X5©!Áu?ºÏk0áìß%ªÛx7-?ÖaáaÙyb6Ïë?RKJà¡z
¡,íÊ?Þ÷~7?Ï?{µà¯º]yå3DÖ?\Ç 3g
n7BªÛ.Ì"çÈ+YO{áRÆF%øc¸ï¼ð0?Ø0?A Aì=§?ÄöÕ ÝÑe0
 *?H?÷
0Á1 0 UUS10U
VeriSign, Inc.1<0:U 3Class 2 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network0
990331000000Z
090330235959Z0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA0?0
 *?H?÷
0?¿êï?ë
Áù"ÁÑÁÌÛzÚ¾6Òp`0`åàS/5ôɨ)ÖÞ=ó?d}¾Ñ?Tx?ÿ¢xñû?«Ãü?LÂIA
áÀÒ¥×ü~ÿBQNtóÕhs¥]1øæ)%c¨#?Dj?°9ñïÛFXú¸ÏKózÁ¢I??#Cº?2?£¥0¢0
)U"0 ¤010UPrivateLabel1-1400 `?H?øB0DU =0;09 `?H?øE0*0(+https://www.verisign.com/RPA0U
0ÿ0 U0
 *?H?÷
S µÜ²¶?Ñ P?É8yÜȲI¿¸S?o?̲äz|ü£è_a^_??ZÒ?"ñ¼íñT¶T¦T¡T¼iÇ!7¢?9?§¬ ?è?]?
H9Y?$ C¼??Ü?táæã¾j¤?11#%?¯º,Q?Y¦£?Ò´ÎT0?0?l¹/`Ì??¡zF ¸[pl?¯0
 *?H?÷
0Á1 0 UUS10U
VeriSign, Inc.1<0:U 3Class 2 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network0
980518000000Z
280801235959Z0Á1 0 UUS10U
VeriSign, Inc.1<0:U 3Class 2 Public Primary Certification Authority - G21:08U 1(c) 1998 VeriSign, Inc. - For authorized use only10U VeriSign Trust Network0?0
 *?H?÷
0?§?!t,çð?á?<!ñ?Û?é?ü¾_RÈÌ,V,¸i,Ì?­°?®yò9Á{?º
,èÂ?,ªié ôÇ©¤BÂ#OJØð¢û1lÉæo?'õæôLx?mëF?ú¹?ÉTò²Ä¯ÔFZÉ0ÿ
lõ-mÎw0
 *?H?÷
r.ùÑñqûÄ?öÅ^Q?@?¸hø??Ø❽ÿí¡æfê/ ôÊ×ê¥+?ö$`?MD.?¥Ä- Ó®xiorÚl®ðc?7æ»Ä0­wÌI5ªÏ؏Ѿ·?GsjT"4d-¶?Y[´QY:³ 
ôßg ô­2d^±Fr'?{ÅD´®1?Û0?×0ÿ0ê1'0%U
The University of Texas System10U VeriSign Trust Network1;09U 2Terms of use at https://www.verisign.com/rpa (c)991200U )Class 2 CA - OnSite Individual Subscriber1-0+U$The University of Texas at Dallas CA=ÏóD¦4°k>-@N_zS0 + ±0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
061014171751Z0# *?H?÷
 19?~?¢ XÆ%
;À?*ª9j0R *?H?÷
 1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0
 *?H?÷
?xê¶FÕ½A^7Ë?E&¼?òÑO?ãÉ?¨ñ+¡hW*Ø3 ;' ¸±è2¼9ûUY?я¾!¼?SªÕ uûéÒ/r]?BSvrT?ÍQ??ª®gXÈ?z?ôRn?­¸Æ
&àþÃààÊ
>À?ºÁ°¡¶ü
??Ú£ÔWMíxe??ûK¡K.â?"Øõïò>ÆÑ!14;È??wò^ämSãÃdõ4¼>þx1+9V?¥WQA«×?ÁÏ
×п??zi??Jç¹Èô?KöÚ 5ÃòiZcûW?ÖÂ+??3Xý®Ý[xcÈ`
~?

[ reply ]
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:59AM
Dude VanWinkle (dudevanwinkle gmail com)
Re: Massive SPAM Increase Oct 16 2006 03:57PM
gabriel rosenkoetter (gr eclipsed net) (1 replies)
Re: Massive SPAM Increase Oct 17 2006 01:33AM
Jamie Riden (jamesr europe com)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:09PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:43PM
Luke Burton (luke burton echidna id au) (1 replies)
Re: Massive SPAM Increase Oct 10 2006 07:44PM
Tillmann Werner (tillmann werner gmx de)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 09:29PM
Tim (tim-forensics sentinelchicken org) (2 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:33PM
Paul Schmehl (pauls utdallas edu) (2 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:48PM
Tim (tim-forensics sentinelchicken org)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:47PM
Nathaniel Hall (nathaniel d hall gmail com)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:28PM
Brent Kearney (brent kearneys ca) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:38PM
Paul Schmehl (pauls utdallas edu)


 

Privacy Statement
Copyright 2010, SecurityFocus