You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2010/05/18 23:24:41 UTC
spamassassin documentation web sites DOSing ress.com
probably not intentional, but with all the copies of the
SpamAssassin::CONF files all over the world (and the silly spammers
harvesting anything with @ in it)
The poor folks at <http://www.ress.com> must be wondering why they keep
getting emails for 'add'
<http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html>
I just went through with our FAQ/Documentation/ marketing folks and
asked them to make sure they use 'user@example.com' and not the random
aol addresses they might have used when documenting things.
host -t mx ress.com
ress.com mail is handled by 10 mx01-dom.earthlink.net.
ress.com mail is handled by 20 mx00-dom.earthlink.net.
mx1.secnap.com.ionspam.net# telnet mx01-dom.earthlink.net 25
Trying 207.217.125.17...
Connected to mx01-dom.earthlink.net.
Escape character is '^]'.
220 whmx-tenant.pas.sa.earthlink.net EL_4_2_10_GMA_35 ESMTP EarthLink
SMTP Server Tue, 18 May 2010 14:20:50 -0700 (PDT)
helo mx1.secnap.com.ionspam.net
250 whmx-tenant.pas.sa.earthlink.net Hello mx1.secnap.com.ionspam.net
[204.89.241.253], please to meet you
mail from: <se...@secnap.com>
250 <se...@secnap.com>... Sender ok
rcpt to: <ad...@ress.com>
250 <ad...@ress.com>... Recipient ok
looks like it accepts wildcard email entries (I put in a random
address), so, this will be causing some backscatter as well. Either
bounces, or if using earthlink CR, the forged sender might be getting a
CR challenge backscatter email.
suggest: sed -i '' '/@ress.com/@example.com/g' on the perl code.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Re: spamassassin documentation web sites DOSing ress.com
Posted by Mark Martinec <Ma...@ijs.si>.
On Tuesday May 18 2010 23:24:41 Michael Scheidell wrote:
> probably not intentional, but with all the copies of the
> SpamAssassin::CONF files all over the world (and the silly spammers
> harvesting anything with @ in it)
>
> The poor folks at <http://www.ress.com> must be wondering why they keep
> getting emails for 'add'
> <http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html>
>
> I just went through with our FAQ/Documentation/ marketing folks and
> asked them to make sure they use 'user@example.com' and not the random
> aol addresses they might have used when documenting things.
>
> host -t mx ress.com
> ress.com mail is handled by 10 mx01-dom.earthlink.net.
> ress.com mail is handled by 20 mx00-dom.earthlink.net.
Fixed (3.3, 3.4), tnx:
Avoid using legit domain ress.com
in the docs: add@ress.com -> user@example.com
Mail/SpamAssassin/Conf.pm
Mail/SpamAssassin/Plugin/Hashcash.pm
Mail/SpamAssassin/Plugin/SPF.pm
Mail/SpamAssassin/Plugin/SpamCop.pm
Mark