Incidents
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 06:30AM
Paul Schmehl (pauls utdallas edu)
--On October 14, 2006 1:44:04 AM -0400 Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:

> On Fri, 13 Oct 2006 22:52:12 CDT, you said:
>
>> I'm not sure what you mean by "split inbound and outbound", but any
>> outbound MX host *should* be listed in DNS.
>
> Tell you what. Explain what an *OUTBOUND* MX is, and I'll see what I
> can do.
>
> The machine in question is *NOT* listed as an MX, because it is *NOT* a
> machine that should be accepting *inbound* mail for the domain. Its
> purpose in life is to send mail to off-campus sites.
>
It appears that what you're missing is that this one "flaw" is not enough
to get mail rejected by policyd-weight. Policyd-weight, much like SA,
works on cumulative scoring. One "bad" thing isn't going to get your mail
rejected. But, in general, spam, viruses, phishing scams, et. al. will
not only not be listed as an MX in DNS, they also won't reverse. They
also forge the domain. They also lie about the sender domain. They also
come from dialups or from known "spammy" servers. So, the *cumulative*
effect is that the mail gets rejected.

One "flaw" such as a missing MX record is not going to cause a problem.

Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

The sender believes that this E-mail and any attachments were free of any
virus, worm, Trojan horse, and/or malicious code when sent. This message and
its attachments could have been infected during transmission. By reading the
message and opening any attachments, the recipient accepts full
responsibility for taking protective and remedial action about viruses and
other defects. The sender's employer is not liable for any loss or damage
arising in any way from this message or its attachments.
x?>"äè?IPM.Microsoft Mail.Note1 ?!274482872BFD034795234D4490AE0DA1þ ?Ö
#2?Ö
&?FRe: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}ö
??
.@9¶?ìðÆ1@pauls (at) utdallas (dot) edu [email concealed]@0@listbounce (at) securityfocus (dot) com [email concealed]
@qÆðõ?O1?¨ªËCÀ¾®×Ó ÑÍØLZFu ëd
rcpg125B2Ctextó1ÿ÷
?¤ä?ãPVU²QcÂh
Àset2Ãm3F§0ñ4¿Å¹Å#ï ÷;ßí05 `cP d36с ñ --?O Octobq14, Ð06`@:44:04°M§ PÀ V@d.Kleks@vt. ?u w»`°:
¢
?
?>àÍ F13â¤h22:@: DJTy` s pd
"å>#U#°I'm în"°& pe"?Ð@%ò??by "s Pi@ ?àund¾ p*0`P*"vb* *Ay&÷*?ÐX hos@*s-úu!0*) (0)- ?A)Á DNS.&? 8Tel %ò(R. 8 Ex S(D?*OÈUTB1ðND-À,ѐ*R'?0(5I¥#Vc?do.ïh(0ÝÁh ?(0.q
P- ?i 2±-@NOT-À}.a ?,Ð+!aÞu)À)±7¦a#V6V?t(b-d-ÒÐce0ý ?g-@)Õ-ÀÀ_À;?(04ð=±n0±IÖtÐ#e
ppp-6³ý)f6± 3*!=³Õ@ño -4°m?À ?°!`&??*@pp¯(ðð;t(V'(!m<Ò@Â(b;?7? (0"òf `w"7?' ð`Ügh
ã
?@ñg=¤}àj.B)1?ð)cÀyd-weiH@0¢vPJkmHP)kÙ(0SA"ôw°!ð»FÑ4 uL` `
7@v(0?ð°<Ñ0±ÀGba'+F?Eãn'@goÿ<ÒHÕ%ñÀ=³"ôI?0±¾B* .I6 r@)pB@
vir9qý2ÑpF¡P3ðB@2Ñÿ0°@0°ð0"ô' þl)@'Â-è8?.u>Aû)@@sAM P¢àN°ÿñ0±6)@"ôZc>Iÿ><[³Zc)<Q)ñFrNÁÿA1q]_A
"ô ?=ðça4à1upFÁÀa³:k'Àw )aB@my?Gpr[20±SoYóÿ-@N8-À"ôIÁF 62ÿI R·"úO?G4(ÿL8?E?,Ñà¡.aG¤7Pç9Tjp``emmh?P9` SÀ?h½ (
°-"* d@ `!`"Q)"ôAdjó*$?In>À7C`ëN0t)@O
àû"ô6U[2r?Að/Ñvx8?@Dp"ôKt p://wv?.oÚÚ/Tà/rd/"ô
?ß 7bq
¢zi6_eÏ0^N°F*E-=³*Rÿ+unò0 JÐ(!ÿP3¡t?}RTӐM¡T¡zT`j?-ñ2ã/ÿ±ÀJq7PBq (Aÿ ðA0¡67?&0\áÿ*R) u}¸ <ÐN±ÿ0?? ?fb.Q"`O;pßT ?E? 0°B)@àïOàQ6"??oD <áÿ}]d´ka 0<e ¾f-Ir)p bór?>ak<ÒmQ°ÿN¢*Rà?b<a7C^ÄÿTÕ*D>A_±IÁdQzÈÎ' m  PoyqG?ÿ) !=ó}Rp±oðÀ?ÂEĐq}awþaÑaÂF??v±?=5i@#}?ppB*
**SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}B6<200610140544.k9E5i5Jc015916 (at) turing-police.cc.vt (dot) edu [email concealed]>C*<ma
ilto:incidents-help (at) securityfocus (dot) com [email concealed]>D/<mailto:incidents-subscribe@s
ecurityfocus.com>E1<mailto:incidents-unsubscribe (at) securityfocus (dot) com [email concealed]>&
6Þ??Nß?ÿÿÿÿñ?ý?ÿa??ÀFx-pstn-levels?(S:78.88405/99.90000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )b??ÀF x-pstn-settings)3 (1.0000:0.5000) s GT3 gt2 gt1 r p m c c??ÀF"x-pstn-addresses%from <pauls (at) utdallas (dot) edu [email concealed]> [db-null] òóhRe%3A %2A%2A%2ASPAM%2A%2A%2A Re%3A %2A%2A%2ASPAM%2A%2A%2A Re%3A Massive SPAM Increase {-2.6} {-2.6}.EML ö ô õG1c=us;a= ;p=hfs;l=NJPSHFSEXBH020610160735460XGXXRù?xܧ@ÈÀB´¹+/á?/O=HFS/OU=
SYLVAN/CN=CONFIGURATION/CN=CONNECTIONS/CN=INTERNET MAIL CONNECTOR (NJPSHFSEXBH02)ø?&Internet Mail Service (NJPSHFSEXBH02)8@(INTERNET MAIL CONNECTOR (NJPSHFSEXBH02)û?xܧ@ÈÀB´¹+/á?/O=HFS/OU=SYLVAN/CN=CONFIGURATION/C
N=CONNECTIONS/CN=INTERNET MAIL CONNECTOR (NJPSHFSEXBH02)ú?listbounce (at) securityfocus (dot) com [email concealed]9@listbounce@security
focus.com@0ñ?O?õðÆ@0¢õðÆ=Re: B***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}58<20061016063014.83111F794E (at) outgoing2.securityfocus (dot) com [email concealed]> ) #
Ö¡2?e--ONOCTOBER14,20061:44:04AM-0400VALDISKLETNIEKS@VT
EDUWROTE:ONFRI,13OCT200622:52:12CDT,YOUSAID:IMNOTS8<20061016063014.8
3111F794E (at) outgoing2.securityfocus (dot) com [email concealed]>×Å--------------------------------
----------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus