Incidents Mode:
(Page 12 of 170)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} 2006-10-16
benfell raven cybernude org
On Mon, 16 Oct 2006 13:29:59 -0400, Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:
> On Mon, 16 Oct 2006 10:04:30 PDT, benfell (at) raven.cybernude (dot) org [email concealed] said:
> > Wrong. Completely wrong. Any UNIX-like box with qmail can be configured
> > to send mail out. My laptop, for example. But my domains only receive mail
> >

[ more ]  [ reply ]
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} 2006-10-16
Paul Schmehl (pauls utdallas edu)
--On Monday, October 16, 2006 13:29:59 -0400 Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:
>
> What Paul is *trying* to do is deal with the fact that any Windows-like
> box with spamware is *also* configured to send mail out.
>
> What he's *looking* for is called "SPF", not "outbound MX".
>
For various reasons, wh

[ more ]  [ reply ]
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} 2006-10-16
Paul Schmehl (pauls utdallas edu)
--On October 14, 2006 1:44:04 AM -0400 Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:

> On Fri, 13 Oct 2006 22:52:12 CDT, you said:
>
>> I'm not sure what you mean by "split inbound and outbound", but any
>> outbound MX host *should* be listed in DNS.
>
> Tell you what. Explain what an *OUTBOUND* MX is, and I'll

[ more ]  [ reply ]
Re: possible SMTP attack: command=HELO/EHLO, count=3 2006-10-16
icaltjr yahoo com
Hi All,

Hate to just be a "Me too"-er, but I have also seen these cropping up in the last few days. Have searched google and google groups but have not found any more detailed info (other than possible invalide domain names in header, perhaps with an umlaut) on what is causing it or how to prevent

[ more ]  [ reply ]
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} 2006-10-16
Paul Schmehl (pauls utdallas edu) (1 replies)
--On October 13, 2006 10:46:34 PM -0400 Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:

> On Mon, 09 Oct 2006 13:33:12 CDT, Paul Schmehl said:
>
> (Digging out from a long week of other stuff, sorry for the late
> response)
>
>> Its purpose is to reject *all* mail from bogus MTAs - dialups,
>> misconifigured server

[ more ]  [ reply ]
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} 2006-10-16
Valdis Kletnieks vt edu
Re: strange http get requests in apache access logs 2006-10-16
rowland onobrauche (rowland onobrauche legendplc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aubs wrote:

> Care to share with all? on the list - After all you did ask for
> help :)
>
> On 13/10/06, *rowland onobrauche* <
> rowland.onobrauche (at) legendplc (dot) com [email concealed]
> <mailto:rowland.onobrauche (at) legendplc (dot) com [email concealed]>> wrote:
>

> Digital Ebola wrote:
>
>> On 1

[ more ]  [ reply ]
possible SMTP attack: command=HELO/EHLO, count=3 2006-10-15
terry white (twhite aniota com)
... ciao:

i'm starting to see a lot of the following.

and i'm not thinking it a good thing ...

muedsl-82-207-247-115.citykom.de [82.207.247.115]: possible SMTP attack:
command=HELO/EHLO, count=3
IGLD-83-130-135-36.inter.net.il [83.130.135.36]: possible SMTP attack:
command=HELO/EHLO, cou

[ more ]  [ reply ]
Re: strange http get requests in apache access logs 2006-10-13
rowland onobrauche (rowland onobrauche legendplc com) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Digital Ebola wrote:

> On 10/13/06, rowland onobrauche <rowland.onobrauche (at) legendplc (dot) com [email concealed]>
> wrote:
>

> Hi all.
>
> Im getting logs such as
>
> "GET
> http://www.escorts-etc.com/cgi-bin/ftop100/rankem.cgi?id=gagvault
> HTTP/1.0" 200 147 "http://www.gag

[ more ]  [ reply ]
Re: strange http get requests in apache access logs 2006-10-13
George Cossins (inamabilis gmail com)
RE: strange http get requests in apache access logs 2006-10-13
Hagen, Eric (hagene DenverNewspaperAgency com)
I would take a seriously hard look at your server. Your are showing a successful (HTTP 200) page view from a spam/porn site in your http logs. This is reason for concern in my opinion and I would investigate network sniffing this traffic or otherwise determining if, in fact, your server is serving

[ more ]  [ reply ]
strange http get requests in apache access logs 2006-10-13
rowland onobrauche (rowland onobrauche legendplc com) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all.

Im getting logs such as

"GET http://www.escorts-etc.com/cgi-bin/ftop100/rankem.cgi?id=gagvault
HTTP/1.0" 200 147 "http://www.gagvault.com/linkspage.html"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

In some of my httpd access logs, ev

[ more ]  [ reply ]
Re: strange http get requests in apache access logs 2006-10-13
Rainer Duffner (rainer ultra-secure de)
Administrivia: Signing off... 2006-10-12
Jesse Gough (jgough securityfocus com)
Hello list,

I will be leaving Symantec at the end of October, and will no longer be moderating
Incidents. Josh Talbot will continue to serve as your moderator going forward.

Regards,

-JG

------------------------------------------------------------------------
------
This List Sponsored by: Black

[ more ]  [ reply ]
RES: Massive SPAM Increase 2006-10-10
Tiago Quadra (tquadra multiplan com br) (1 replies)

The milter API is great, no MTA solution will allow the same level of customization as sendmail with libmilter. For the users that find it difficult to understand and implement there's allow MIMEDefang: a perl script interface to use the milter API filter.

www.mimedefang.org

[]s
TQ

-----Mensage

[ more ]  [ reply ]
Re: RES: Massive SPAM Increase 2006-10-11
Paul Dean (paul thecave ws) (3 replies)
Re: RES: Massive SPAM Increase 2006-10-11
Jamie Riden (jamesr europe com)
Re: Massive SPAM Increase 2006-10-11
Tillmann Werner (tillmann werner gmx de)
Re: RES: Massive SPAM Increase 2006-10-11
Michael T. Babcock (mike triplepc com)
Policyd-weight: WAS: Massive SPAM Increase 2006-10-09
Paul Schmehl (pauls utdallas edu)
--On Monday, October 09, 2006 17:47:51 -0500 Nathaniel Hall
<nathaniel.d.hall (at) gmail (dot) com [email concealed]> wrote:

> Sounds a lot like SpamAssassin.
>
With one huge difference. Policyd-weight rejects the mail *before* DATA,
so the MTA never has to handle the mail. No queueing, no attempted
deliveries, etc., etc.

[ more ]  [ reply ]
(Page 12 of 170)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus