Search Results

Search found 1348 results on 54 pages for 'spam blocker'.

Page 18/54 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Spotting similarities and patterns within a string - Python

    - by RadiantHex
    Hi folks, this is the use case I'm trying to figure this out for. I have a list of spam subscriptions to a service and they are killing conversion rate and other usability studies. The emails inserted look like the following: [email protected] [email protected] [email protected] roger[...]_surname[...]@hotmail.com What would be your suggestions on spotting these entries by using an automated script? It feels a little more complicated than it actually looks. Help would be very much appreciated!

    Read the article

  • Dealing with HTTP w00tw00t attacks

    - by Saif Bechan
    I have a server with apache and I recently installed mod_security2 because I get attacked a lot by this: My apache version is apache v2.2.3 and I use mod_security2.c This were the entries from the error log: [Wed Mar 24 02:35:41 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:31 2010] [error] [client 202.75.211.90] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:49 2010] [error] [client 95.228.153.177] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:48:03 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) Here are the errors from the access_log: 202.75.211.90 - - [29/Mar/2010:10:43:15 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" 211.155.228.169 - - [29/Mar/2010:11:40:41 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" 211.155.228.169 - - [29/Mar/2010:12:37:19 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" I tried configuring mod_security2 like this: SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind" SecFilterSelective REQUEST_URI "\w00tw00t\.at\.ISC\.SANS" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:\)" The thing in mod_security2 is that SecFilterSelective can not be used, it gives me errors. Instead I use a rule like this: SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind" SecRule REQUEST_URI "\w00tw00t\.at\.ISC\.SANS" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:\)" Even this does not work. I don't know what to do anymore. Anyone have any advice? Update 1 I see that nobody can solve this problem using mod_security. So far using ip-tables seems like the best option to do this but I think the file will become extremely large because the ip changes serveral times a day. I came up with 2 other solutions, can someone comment on them on being good or not. The first solution that comes to my mind is excluding these attacks from my apache error logs. This will make is easier for me to spot other urgent errors as they occur and don't have to spit trough a long log. The second option is better i think, and that is blocking hosts that are not sent in the correct way. In this example the w00tw00t attack is send without hostname, so i think i can block the hosts that are not in the correct form. Update 2 After going trough the answers I came to the following conclusions. To have custom logging for apache will consume some unnecessary recourses, and if there really is a problem you probably will want to look at the full log without anything missing. It is better to just ignore the hits and concentrate on a better way of analyzing your error logs. Using filters for your logs a good approach for this. Final thoughts on the subject The attack mentioned above will not reach your machine if you at least have an up to date system so there are basically no worries. It can be hard to filter out all the bogus attacks from the real ones after a while, because both the error logs and access logs get extremely large. Preventing this from happening in any way will cost you resources and they it is a good practice not to waste your resources on unimportant stuff. The solution i use now is Linux logwatch. It sends me summaries of the logs and they are filtered and grouped. This way you can easily separate the important from the unimportant. Thank you all for the help, and I hope this post can be helpful to someone else too.

    Read the article

  • Server compromised. Bounce message contains many email addresses message was not sent to

    - by Tim Duncklee
    This is not a dupe. Please read and understand the issue before marking this as a duplicate question that has been answered already. Several customers are reporting bounce messages like the one below. At first I thought their computers had a virus but then I received one that was server generated so the problem is with the server. I've inspected the logs and these email addresses do not appear in the logs. The only thing I see that I do not remember seeing in the past are entries like this: Apr 30 13:34:49 psa86 qmail-queue-handlers[20994]: hook_dir = '/var/qmail//handlers/before-queue' Apr 30 13:34:49 psa86 qmail-queue-handlers[20994]: recipient[3] = '[email protected]' Apr 30 13:34:49 psa86 qmail-queue-handlers[20994]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]' I've searched here and the web and maybe I'm just not entering the right search terms but I find nothing on this issue. Does anyone know how a hacker would attach additional email addresses to a message at the server and have them not appear in the logs? CentOS release 5.4, Plesk 8.6, QMail 1.03 Hi. This is the qmail-send program at psa.aaaaaa.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[email protected]>: 82.201.133.227 does not like recipient. Remote host said: 550 #5.1.0 Address rejected. Giving up on 82.201.133.227. <[email protected]>: 64.18.7.10 does not like recipient. Remote host said: 550 No such user - psmtp Giving up on 64.18.7.10. <[email protected]>: 173.194.68.27 does not like recipient. Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 w8si1903qag.18 - gsmtp Giving up on 173.194.68.27. <[email protected]>: 207.115.36.23 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.36.23. <[email protected]>: 207.115.37.22 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.37.22. <[email protected]>: 207.115.37.20 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.37.20. <[email protected]>: 207.115.37.23 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.37.23. <[email protected]>: 207.115.36.22 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.36.22. <[email protected]>: 74.205.16.140 does not like recipient. Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1) Giving up on 74.205.16.140. <[email protected]>: 207.115.36.20 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.36.20. <[email protected]>: 207.115.37.21 does not like recipient. Remote host said: 550 5.2.1 <[email protected]>... Addressee unknown, relay=[174.142.62.210] Giving up on 207.115.37.21. <[email protected]>: 192.169.41.23 failed after I sent the message. Remote host said: 554 qq Sorry, no valid recipients (#5.1.3) --- Below this line is a copy of the message. Return-Path: <[email protected]> Received: (qmail 15962 invoked from network); 1 May 2013 06:49:34 -0400 Received: from exprod6mo107.postini.com (64.18.1.18) by psa.aaaaaa.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2013 06:49:34 -0400 Received: from aaaaaa.com (exprod6lut001.postini.com [64.18.1.199]) by exprod6mo107.postini.com (Postfix) with SMTP id 47F80B8CA4 for <[email protected]>; Wed, 1 May 2013 03:49:33 -0700 (PDT) From: "Support" <[email protected]> To: [email protected] Subject: Detected Potential Junk Mail Date: Wed, 1 May 2013 03:49:33 -0700 Dear [email protected], junk mail protection service has detected suspicious email message(s) since your last visit and directed them to your Message Center. You can inspect your suspicious email at: ... UPDATE: After not seeing this problem for a while, I personally sent a message and immediately got a bounce with several bad addresses that I know I did not send to. These are addresses that are not on my system or on the server. This problem happens with both Mac and Windows clients and with messages generated from Postini and sent to users on my system. This is NOT backscatter. If it was backscatter it would not have the contents of my message in it. UPDATE #2 Here is another bounce. This one was sent by me and the bounce came back immediately. Hi. This is the qmail-send program at psa.aaaaaa.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[email protected]>: 71.74.56.227 does not like recipient. Remote host said: 550 5.1.1 <[email protected]>... User unknown Giving up on 71.74.56.227. <[email protected]>: Connected to 208.34.236.3 but sender was rejected. Remote host said: 550 5.7.1 This system is configured to reject mail from 174.142.62.210 [174.142.62.210] (Host blacklisted - Found on Realtime Black List server 'bl.mailspike.net') <[email protected]>: 66.96.80.22 failed after I sent the message. Remote host said: 552 sorry, mailbox [email protected] is over quota temporarily (#5.1.1) <[email protected]>: 83.145.109.52 does not like recipient. Remote host said: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in virtual mailbox table Giving up on 83.145.109.52. <[email protected]>: 69.49.101.234 does not like recipient. Remote host said: 550 5.7.1 <[email protected]>... H:M12 [174.142.62.210] Connection refused due to abuse. Please see http://mailspike.org/anubis/lookup.html or contact your E-mail provider. Giving up on 69.49.101.234. <[email protected]>: 212.55.154.36 does not like recipient. Remote host said: 550-The account has been suspended for inactivity 550 A conta do destinatario encontra-se suspensa por inactividade (#5.2.1) Giving up on 212.55.154.36. <[email protected]>: 199.168.90.102 failed after I sent the message. Remote host said: 552 Transaction [email protected] failed, remote said "550 No such user" (#5.1.1) <[email protected]>: 98.136.217.192 failed after I sent the message. Remote host said: 554 delivery error: dd Sorry your message to [email protected] cannot be delivered. This account has been disabled or discontinued [#102]. - mta1210.sbc.mail.gq1.yahoo.com --- Below this line is a copy of the message. Return-Path: <[email protected]> Received: (qmail 2618 invoked from network); 2 Jun 2013 22:32:51 -0400 Received: from 75-138-254-239.dhcp.jcsn.tn.charter.com (HELO ?192.168.0.66?) (75.138.254.239) by psa.aaaaaa.com with SMTP; 2 Jun 2013 22:32:48 -0400 User-Agent: Microsoft-Entourage/12.34.0.120813 Date: Sun, 02 Jun 2013 21:32:39 -0500 Subject: Refinance From: Tim Duncklee <[email protected]> To: Scott jones <[email protected]> Message-ID: <CDD16A79.67344%[email protected]> Thread-Topic: Reference Thread-Index: Ac5gAp2QmTs+LRv0SEOy7AJTX2DWzQ== Mime-version: 1.0 Content-type: multipart/mixed; boundary="B_3453053568_12034440" > This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --B_3453053568_12034440 Content-type: multipart/related; boundary="B_3453053568_11982218" --B_3453053568_11982218 Content-type: multipart/alternative; boundary="B_3453053568_12000660" --B_3453053568_12000660 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable Scott, ... email body here ... Here are the relevant log entries: Jun 2 22:32:50 psa qmail-queue[2616]: mail: all addreses are uncheckable - need to skip scanning (by deny mode) Jun 2 22:32:50 psa qmail-queue[2616]: scan: the message(drweb.tmp.i2SY0n) sent by [email protected] to [email protected] should be passed without checks, because contains uncheckable addresses Jun 2 22:32:50 psa qmail-queue-handlers[2617]: Handlers Filter before-queue for qmail started ... Jun 2 22:32:50 psa qmail-queue-handlers[2617]: [email protected] Jun 2 22:32:50 psa qmail-queue-handlers[2617]: [email protected] Jun 2 22:32:50 psa qmail-queue-handlers[2617]: hook_dir = '/var/qmail//handlers/before-queue' Jun 2 22:32:50 psa qmail-queue-handlers[2617]: recipient[3] = '[email protected]' Jun 2 22:32:50 psa qmail-queue-handlers[2617]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]' Jun 2 22:32:51 psa qmail: 1370226771.060211 starting delivery 57: msg 1540285 to remote [email protected] Jun 2 22:32:51 psa qmail: 1370226771.060402 status: local 0/10 remote 1/20 Jun 2 22:32:51 psa qmail: 1370226771.060556 new msg 4915232 Jun 2 22:32:51 psa qmail: 1370226771.060671 info msg 4915232: bytes 687899 from <[email protected]> qp 2618 uid 2020 Jun 2 22:32:51 psa qmail-remote-handlers[2619]: Handlers Filter before-remote for qmail started ... Jun 2 22:32:51 psa qmail-queue-handlers[2617]: starter: submitter[2618] exited normally Jun 2 22:32:51 psa qmail-remote-handlers[2619]: from= Jun 2 22:32:51 psa qmail-remote-handlers[2619]: [email protected] Jun 2 22:32:51 psa qmail: 1370226771.078732 starting delivery 58: msg 4915232 to remote [email protected] Jun 2 22:32:51 psa qmail: 1370226771.078825 status: local 0/10 remote 2/20 Jun 2 22:32:51 psa qmail-remote-handlers[2621]: Handlers Filter before-remote for qmail started ... Jun 2 22:32:51 psa qmail-remote-handlers[2621]: [email protected] Jun 2 22:32:51 psa qmail-remote-handlers[2621]: [email protected]

    Read the article

  • Sometimes this script fails to update the iptables

    - by AlJo
    It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t nat -F iptables -t nat -X iptables -F iptables -X iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -s 93.225.0.0/16 -j ACCEPT iptables -A INPUT -s 15.102.0.0/16 -j ACCEPT iptables -A INPUT -s 47.122.0.0/16 -j ACCEPT iptables -N MY_CHAIN_L1-0 iptables -N MY_CHAIN_L1-1 iptables -N MY_CHAIN_L1-2 iptables -N MY_CHAIN_L1-3 iptables -N MY_CHAIN_L1-4 iptables -N MY_CHAIN_L1-5 iptables -N MY_CHAIN_L1-6 iptables -N MY_CHAIN_L1-7 iptables -N MY_CHAIN_L1-8 iptables -N MY_CHAIN_L1-9 iptables -N MY_CHAIN_L1-10 iptables -N MY_CHAIN_L1-11 iptables -N MY_CHAIN_L1-12 iptables -N MY_CHAIN_L1-13 iptables -N MY_CHAIN_L1-14 iptables -N MY_CHAIN_L1-15 iptables -N MY_CHAIN_L1-16 iptables -N MY_CHAIN_L1-17 iptables -N MY_CHAIN_L1-18 iptables -N MY_CHAIN_L1-19 iptables -N MY_CHAIN_L1-20 iptables -N MY_CHAIN_L1-21 iptables -N MY_CHAIN_L1-22 iptables -N MY_CHAIN_L1-23 iptables -N MY_CHAIN_L1-24 iptables -N MY_CHAIN_L1-25 iptables -N MY_CHAIN_L1-26 iptables -N MY_CHAIN_L1-27 iptables -N MY_CHAIN_L1-28 iptables -N MY_CHAIN_L1-29 iptables -N MY_CHAIN_L1-30 iptables -N MY_CHAIN_L1-31 iptables -N MY_CHAIN_L1-32 iptables -N MY_CHAIN_L1-33 iptables -N MY_CHAIN_L1-34 iptables -N MY_CHAIN_L1-35 iptables -N MY_CHAIN_L1-36 iptables -N MY_CHAIN_L1-37 iptables -A INPUT -m iprange --src-range 1.54.96.0-5.133.179.255 -j MY_CHAIN_L1-0 iptables -A INPUT -m iprange --src-range 5.133.180.0-24.113.159.255 -j MY_CHAIN_L1-1 [snip] iptables -A INPUT -m iprange --src-range 195.13.45.0-198.11.255.255 -j MY_CHAIN_L1-29 iptables -A INPUT -m iprange --src-range 198.12.64.0-199.19.215.255 -j MY_CHAIN_L1-30 iptables -A INPUT -m iprange --src-range 199.21.96.0-200.31.3.255 -j MY_CHAIN_L1-31 iptables -A INPUT -m iprange --src-range 200.31.11.0-202.171.255.255 -j MY_CHAIN_L1-32 iptables -A INPUT -m iprange --src-range 203.130.134.192-206.212.255.255 -j MY_CHAIN_L1-33 iptables -A INPUT -m iprange --src-range 206.214.64.0-211.155.95.255 -j MY_CHAIN_L1-34 iptables -A INPUT -m iprange --src-range 212.19.128.0-216.176.191.255 -j MY_CHAIN_L1-35 iptables -A INPUT -m iprange --src-range 216.189.0.0-218.23.255.255 -j MY_CHAIN_L1-36 iptables -A INPUT -m iprange --src-range 218.30.96.0-223.255.231.255 -j MY_CHAIN_L1-37 iptables -A MY_CHAIN_L1-0 -s 1.54.96.0/20 -j DROP iptables -A MY_CHAIN_L1-0 -s 1.208.0.0/12 -j DROP iptables -A MY_CHAIN_L1-0 -s 1.224.0.0/11 -j DROP [snip] iptables -A MY_CHAIN_L1-0 -s 5.133.178.0/23 -j DROP iptables -A MY_CHAIN_L1-0 -j ACCEPT iptables -A MY_CHAIN_L1-1 -s 5.133.180.0/22 -j DROP iptables -A MY_CHAIN_L1-1 -s 5.135.0.0/16 -j DROP iptables -A MY_CHAIN_L1-1 -s 5.153.232.0/21 -j DROP [snip] iptables -A MY_CHAIN_L1-1 -s 24.113.128.0/19 -j DROP iptables -A MY_CHAIN_L1-1 -j ACCEPT . . . iptables -A MY_CHAIN_L1-29 -s 195.13.45.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.20.224.0/19 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.31.216.0/26 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.58.245.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.60.164.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.60.240.0/22 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.62.10.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.110.30.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.154.0.0/16 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.190.13.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.211.152.0/22 -j DROP iptables -A MY_CHAIN_L1-1 -j ACCEPT [snip more of same to end of script] Can anyone see why this script would silently fail to update the iptables sometimes? Maybe it's not the script? Thanks

    Read the article

  • Output php mail calls to log file

    - by Tom McQuarrie
    This question relates to the question found here: Find the php script thats sending mails Trying to do the exact same thing but can't get the log to output what I need. Not too experienced with serverfault and ideally I'd post my followup on the original question, or PM adam to see if he ever found a solution, but looks as though server fault doesn't work that way. I can post an "answer" but that's definitely not what this is. I have a script located at /usr/local/bin/sendmail-php-logged, with the following: #!/bin/sh logger -p mail.info sendmail-php: site=${HTTP_HOST}, client=${REMOTE_ADDR}, script=${SCRIPT_NAME}, filename=${SCRIPT_FILENAME}, docroot=${DOCUMENT_ROOT}, pwd=${PWD}, uid=${UID}, user=$(whoami) /usr/sbin/sendmail -t -i $* This is logging to /var/log/maillog, but as Adam mentions in his question, none of the server variables work. Output I'm getting is: Oct 4 12:16:21 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache Oct 4 12:16:21 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache Oct 4 12:17:03 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache Oct 4 12:17:05 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root Oct 4 12:17:11 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/var/www/html/aro_chroot/sites/arocms, uid=48, user=apache Oct 4 12:17:14 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root Oct 4 12:17:29 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root Oct 4 12:17:41 fluke logger: sendmail-php: site=, client=, script=, filename=, docroot=, pwd=/root, uid=0, user=root User ID, current user, and pwd are all working, probably because they're globally accessible script resources, and not specific to PHP, like all the others are. I've tried using other server variables as per labradort's instructions, but no joy. Here's some sample tests: logger -p mail.info sendmail-php SCRIPT_NAME: ${SCRIPT_NAME} logger -p mail.info sendmail-php SCRIPT_FILENAME: ${SCRIPT_FILENAME} logger -p mail.info sendmail-php PATH_INFO: ${PATH_INFO} logger -p mail.info sendmail-php PHP_SELF: ${PHP_SELF} logger -p mail.info sendmail-php DOCUMENT_ROOT: ${DOCUMENT_ROOT} logger -p mail.info sendmail-php REMOTE_ADDR: ${REMOTE_ADDR} logger -p mail.info sendmail-php SCRIPT_NAME: $SCRIPT_NAME logger -p mail.info sendmail-php SCRIPT_FILENAME: $SCRIPT_FILENAME logger -p mail.info sendmail-php PATH_INFO: $PATH_INFO logger -p mail.info sendmail-php PHP_SELF: $PHP_SELF logger -p mail.info sendmail-php DOCUMENT_ROOT: $DOCUMENT_ROOT logger -p mail.info sendmail-php REMOTE_ADDR: $REMOTE_ADDR And the output: Oct 4 12:58:02 fluke logger: sendmail-php SCRIPT_NAME: Oct 4 12:58:02 fluke logger: sendmail-php SCRIPT_FILENAME: Oct 4 12:58:02 fluke logger: sendmail-php PATH_INFO: Oct 4 12:58:02 fluke logger: sendmail-php PHP_SELF: Oct 4 12:58:02 fluke logger: sendmail-php DOCUMENT_ROOT: Oct 4 12:58:02 fluke logger: sendmail-php REMOTE_ADDR: Oct 4 12:58:02 fluke logger: sendmail-php SCRIPT_NAME: Oct 4 12:58:02 fluke logger: sendmail-php SCRIPT_FILENAME: Oct 4 12:58:02 fluke logger: sendmail-php PATH_INFO: Oct 4 12:58:02 fluke logger: sendmail-php PHP_SELF: Oct 4 12:58:02 fluke logger: sendmail-php DOCUMENT_ROOT: Oct 4 12:58:02 fluke logger: sendmail-php REMOTE_ADDR: I'm running php 5.3.10. Unfortunately register_globals is on, for compatibility with legacy systems, but you wouldn't think that would cause the environment variables to stop working. If someone can give me some hints as to why this might not be working I'll be a very happy man :)

    Read the article

  • DNSBL listed at zen.spamhaus.org - cant get outgoing mail working? Am I interpreting the response correctly?

    - by Joe Hopfgartner
    I have problem with a mailserver and there is something I kind of not understand! I can connect, authenticate, specify the sender address - but when specifying the reciever i get a error 550 which looks like so: RCPT TO:[email protected] 550-DNSBL listed at zen.spamhaus.org 550 http://www.spamhaus.org/query/bl?ip=62.178.15.161 Now the strange thing is that 62.178.15.161 is my local client address. Not the servers ip address. Also the error code 550 seems to be defined as so: 550 Requested action not taken: mailbox unavailable To me that makes totally no sense. Why this error code with this spamhaus message? Why the local ip adress and not the servers? There is exim running and there is nothing turning up in the logs mail.err mail.info mail.log mail.warn in /var/log I looked up both the servers and the clients ip adress on blacklists. The clients ip adress is listed on some (as expected), but the server is totally clean. Here is the complete telnet log when I reproduced the error. Mail clients like Evolution and Thunderbird give me the same spamhaus error message. joe@joe-desktop:~$ telnet mail.hunsynth.org 25 Trying 193.164.132.42... Connected to mail.hunsynth.org. Escape character is '^]'. 220 hunsynth.org ESMTP Exim 4.69 Sat, 01 Jan 2011 17:52:45 +0100 HELP 214-Commands supported: 214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP EHLO AUTH 250-hunsynth.org Hello chello062178015161.6.11.univie.teleweb.at [62.178.15.161] 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN CRAM-MD5 250-STARTTLS 250 HELP AUTH LOGIN 334 VXNlcm5hbWU6 dGVzdEBodW5zeW50aC5vcmc= 334 UGFzc3dvcmQ6 ***** 235 Authentication succeeded MAIL FROM:[email protected] 250 OK RCPT TO:[email protected] 550-DNSBL listed at zen.spamhaus.org 550 http://www.spamhaus.org/query/bl?ip=62.178.15.161 quit 221 hunsynth.org closing connection Connection closed by foreign host. joe@joe-desktop:~$ Update: I tried the same thing from my other server and could successfully send an email. So it really looks like the server does check the IP wich establiches the connection is in some blacklist. This is theoretically a good thing - but - the authentication on the server should prevent that? Or shouldn't it? Well I just think it would be absurd if I couldn't send email over my smtp server from my dynamic ISP connection because the dynamic is listed, altough i have a clean server with login?

    Read the article

  • plesk 9 spamassassin server wide blacklist via cron?

    - by Kqk
    we're running ubuntu 8.04 LTS and plesk 9.2 our simple task is to set up a periodic black list for spamassassin, e.g. using this script .. #!/bin/sh #! Script by AJR to update local spamassassin rules cd /tmp wget -c http://www.stearns.org/sa-blacklist/sa-blacklist.current mv sa-blacklist.current local.cf -f mv local.cf /etc/mail/spamassassin -f rm local.cf -f /etc/init.d/psa-spamassassin restart now, this script runs fine, but plesk doesn't seem to recognize the blacklist in its GUI. which is annoying, especially because plesk itself writes to /etc/mail/spamassassin/local.cf. i wasn't able to find out the secret place, where plesk distinguishes between entries in local.cf added via GUI and command line. any help is appreciated! thanks.

    Read the article

  • Setup Domain Keys / DKIM on Exchange 2003

    - by Campo
    I need some suggestions for setting up DKIM on my exchange server 2003. We already use SPF but I feel a lot of email providers use this DKIM method. I would like to utilize both systems. This site was the best I could find with step by step instructions. If anyone could get more detailed that would be excellent. Let me know if you need more info.

    Read the article

  • Why is my own e-mail address not listed in the To field?

    - by Sammy
    I have received a suspicious e-mail. I am not affiliated with the company mentioned in the e-mail body, or the signer. However, I have been using the app they mention in the e-mail. They are inviting me to a Beta test. But the e-mail is not by the original author of the app. But I'm thinking they might have hired an external company to do this version of the app. There is a link to a TestFlight page. So I'm not sure what to make of this. Now this is what mainly arose my attention. From: Anders Bergman <[email protected]> To: Bon Support Cc: Subject: Test av nya BBK för Android This is how it shows up in Outlook 2010. The "To" field is addressed to "Bon Support" and when I double-click on that I see [email protected]. I can assure you that none of these are my e-mail addresses. So where the heck is my own e-mail address? How could I have received this if it was addressed to someone else? If not spammers and skimmers and other criminals, who else is using this practice and why? And how can I tell now to what e-mail account I received this? I have more than one account set up in Outlook.

    Read the article

  • I dont qualify for Junk Mail Reportig Program. Alternatives?

    - by Marius
    Hello there! :) I am on shared hosting and therefore does not qualify for MSN Junk Mail Reporting Progra. I am concerned about people who doesnt want my email clicking "report as junk"-button in hotmail, and understand that JMRP send me a message each times somebody clicks the button on one of my emails. I was wondering if there are any other methods I can use to get these messages to prevent mailing the same person again. Thank you for your time. Kind regards, Marius

    Read the article

  • Why an empty MAIL FROM address can sent out email?

    - by garconcn
    We are using Smarter Mail system. Recently, we found that hacker had hacked some user accounts and sent out lots of spams. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. Any idea? Thanks. 11:17:06 [xx.xx.xx.xx][15459629] rsp: 220 mail30.server.com 11:17:06 [xx.xx.xx.xx][15459629] connected at 6/16/2010 11:17:06 AM 11:17:06 [xx.xx.xx.xx][15459629] cmd: EHLO ulix.geo.auth.gr 11:17:06 [xx.xx.xx.xx][15459629] rsp: 250-mail30.server.com Hello [xx.xx.xx.xx] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK 11:17:06 [xx.xx.xx.xx][15459629] cmd: AUTH LOGIN 11:17:06 [xx.xx.xx.xx][15459629] rsp: 334 VXNlcm5hbWU6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 334 UGFzc3dvcmQ6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 235 Authentication successful 11:17:07 [xx.xx.xx.xx][15459629] Authenticated as [email protected] 11:17:07 [xx.xx.xx.xx][15459629] cmd: MAIL FROM: 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK < Sender ok 11:17:07 [xx.xx.xx.xx][15459629] cmd: RCPT TO:[email protected] 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK Recipient ok 11:17:08 [xx.xx.xx.xx][15459629] cmd: DATA

    Read the article

  • correct way to prevent SPF failures

    - by Sean Kimball
    I have a website on a hosted server whose mail users are using their ISPs SMTP to send mail. I have set their SPF record to look like this: v=spf1 mx a:comcast.net ip4:216.70.103.0/24 ip4:216.70.101.0/24 ip4:76.96.53.0/24 -all the SMTP host is comcast.net, 76.96.53.0/24 is the ip range they get assigned from. ip4:216.70.103.0/24 ip4:216.70.101.0/24 are the two possible SMTP ranges they could get IF they used their hosting account mail servers [media temple] They are still getting SPF errors, any idea why?

    Read the article

  • Outlook 2007 "Mark as Not Junk" Dialog Confusion

    - by David
    Outlook 2007's "Not Junk" button opens the "Mark as Not Junk" dialog. The dialog works correctly if I keep the "Always trust e-mail from <email address>" option checked. That is, the message is removed from the Junk folder and returns to the Inbox. However, if I uncheck the "Always trust" box, pressing OK dismisses the dialog, but nothing else happens. Why not? According to Outlook help, "When you mark a message as not junk, you are given the option of adding the sender or the mailing list name to your Safe Senders List or Safe Recipients List." That sure makes it sound like this is just an option, and not necessary for the core functionality of the action. I really don't want to trust a (possibly forged) From: address, but I do want my mail back in the Inbox. I could manually drag it, but I'm assuming that marking a message as not junk also trains some kind of bayesian filter. Am I mistaken? Thanks.

    Read the article

  • DKIM error: dkim=neutral (bad version) header.i=

    - by GBC
    Ive been struggling the last couple of hours with setting up DKIM on my Postfix/CentOS 5.3 server. It finally sends and signs the emails, but apparently Google still does not like it. The errors I'm getting are: dkim=neutral (bad version) [email protected] from googles "show original" interface. This is what my DKIM-signature header look like: v=1; a=rsa-sha1; c=simple/simple; d=mydomain.com.au; s=default; t=1267326852; bh=0wHpkjkf7ZEiP2VZXAse+46PC1c=; h=Date:From:Message-Id:To:Subject; b=IFBaqfXmFjEojWXI/WQk4OzqglNjBWYk3jlFC8sHLLRAcADj6ScX3bzd+No7zos6i KppG9ifwYmvrudgEF+n1VviBnel7vcVT6dg5cxOTu7y31kUApR59dRU5nPR/to0E9l dXMaBoYPG8edyiM+soXo7rYNtlzk+0wd5glgFP1I= Very appreciative of any suggestions as to how I can solve this problem! Btw, here is exactly how I installed dkim-milter in CentOS 5.3 for postfix, if anyone is interested (based on this guide): mkdir dkim-milter cd dkim-milter wget http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.3-1.x86_64.rpm ======S====== Newest version: http://www.topdog-software.com/oss/dkim-milter/ ======E====== rpm -Uvh dkim-milter-2.8.3-1.x86_64.rpm /usr/bin/dkim-genkey -r -d mydomain.com.au ======S====== add contents of default.txt to DNS as TXT _ssp._domainkey TXT dkim=unknown _adsp._domainkey TXT dkim=unknown default._domainkey TXT v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GWETBNiQKBgQC5KT1eN2lqCRQGDX+20I4liM2mktrtjWkV6mW9WX7q46cZAYgNrus53vgfl2z1Y/95mBv6Bx9WOS56OAVBQw62+ksXPT5cRUAUN9GkENPdOoPdpvrU1KdAMW5c3zmGOvEOa4jAlB4/wYTV5RkLq/1XLxXfTKNy58v+CKETLQS/eQIDAQAB ======E====== mv default.private default mkdir /etc/mail/dkim/keys/mydomain.com.au mv default /etc/mail/dkim/keys/mydomain.com.au chmod 600 /etc/mail/dkim/keys/mydomain.com.au/default chown dkim-milt.dkim-milt /etc/mail/dkim/keys/mydomain.com.au/default vim /etc/dkim-filter.conf ======S====== ADSPDiscard yes ADSPNoSuchDomain yes AllowSHA1Only no AlwaysAddARHeader no AutoRestart yes AutoRestartRate 10/1h BaseDirectory /var/run/dkim-milter Canonicalization simple/simple Domain mydomain.com.au #add all your domains here and seperate them with comma ExternalIgnoreList /etc/mail/dkim/trusted-hosts InternalHosts /etc/mail/dkim/trusted-hosts KeyList /etc/mail/dkim/keylist LocalADSP /etc/mail/dkim/local-adsp-rules Mode sv MTA MSA On-Default reject On-BadSignature reject On-DNSError tempfail On-InternalError accept On-NoSignature accept On-Security discard PidFile /var/run/dkim-milter/dkim-milter.pid QueryCache yes RemoveOldSignatures yes Selector default SignatureAlgorithm rsa-sha1 Socket inet:20209@localhost Syslog yes SyslogSuccess yes TemporaryDirectory /var/tmp UMask 022 UserID dkim-milt:dkim-milt X-Header yes ======E====== vim /etc/mail/dkim/keylist ======S====== *@mydomain.com.au:mydomain.com.au:/etc/mail/dkim/keys/mydomain.com.au/default ======E====== vim /etc/postfix/main.cf ======S====== Add: smtpd_milters = inet:localhost:20209 non_smtpd_milters = inet:localhost:20209 milter_protocol = 2 milter_default_action = accept ======E====== vim /etc/mail/dkim/trusted-hosts ======S====== localhost 127.0.0.1 ======E====== /etc/mail/local-host-names ======S====== localhost 127.0.0.1 ======E====== /sbin/chkconfig dkim-milter on /etc/init.d/dkim-milter start /etc/init.d/postfix restart

    Read the article

  • Sign multiple domains with single Domain Key (dk-filter)

    - by Lashae
    Motivation The private shopping website GILT, send periodical update emails from giltgroupe.bounce.ed10.net however all of the mails are signed with domain keys of giltgroupe.com. mailed-by giltgroupe.bounce.ed10.net signed-by giltgroupe.com My Story I couldn't manage to sign x.com with y.com 's domain key using dk-filter under Debian Lenny with postfix. If I try to init dk-filter service with following arguments: DAEMON_OPTS="$DAEMON_OPTS -d x.com,y.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf" dk-filter service signs with domain x.com (d=x.com) If I change the daemon arg.s as following: DAEMON_OPTS="$DAEMON_OPTS -d x.com -c nofws -k -i /var/dk-filter/internal_hosts -s /etc/dk-keys.conf" then emails sent From y.com is not being signed. the dk-keys.conf file is as follows: *:/var/dk-filter/y.com/mail I managed to do same thing with DKIM, works perfect. However DK doesn't seem to work. I don't have any problem signing y.com's emails with y.com's key and x.com's emails x.com's key, which indicates there is no configuration problem. Do you have any experience/advice to make it possible to sign emails from multiple domains by a specific chosen domain?

    Read the article

  • Preventing Postfix backscattering

    - by Must Do Better
    I am having problems with the Postfix mail server being used for backscattering, I have tried the suggestions in the manual but nothing seems to work. Does anyone know how we can reject any mail from entering the queue if the recipient doesn't match a local recipient rather than send bounce emails? I'm assuming it should be a fairly straight forward change in the configuration files. Just to note I am using Webmin/Virtualmin on the server.

    Read the article

  • Emails going to Junk for Hotmail recipients

    - by David George
    We send daily mass emails to our customers (~30,000+ emails per day). We have problems with Hotmail users receiving our emails. Sometimes the email goes to the Junk folder, but often it will got to their inbox, but the content is blocked so the user sees a message saying "This email was blocked and may be dangerous". If an email is sent to GMAIL it is usually not blocked, but it does show up as from "Uknown" instead of the company. Please be advised I've done the following: 1. No RBLs Checked on - http://multirbl.valli.org/ 2. We do have SPF records published 3. We do have reverse DNS setup 4. Our company even signed up for the Junk Mail Reports Program at Hotmail Here is a sample header, I've noticed the X-SID-Result and the X-AUTH-Result both FAIL every time at Hotmail: X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtTQ0w9MQ== X-Message-Status: n:0 X-SID-Result: Fail X-AUTH-Result: FAIL X-Message-Info: JGTYoYF78jFqAaC29fBlDlD/ZI36+S6WoFmkQN10UxWFe1xLHhP+rDthGRZM87uHYM926hUBS+s0q46Yx9y6jdurhN6fx0bK Received: from privatecompany.com ([WanIPAddress]) by col0-mc3-f30.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 5 May 2010 08:41:27 -0700 X-AuditID: ac10fe93-000013bc00000534-46-4be191a1618e Received: from INTERNAL-Email-SERVER([InternalIPAddress]) by privatecompany.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 5 May 2010 11:41:21 -0400 From: Private Company, Inc.<[email protected]> To: [email protected] Message-Id: <[email protected]> Subject: Date: Wed, 5 May 2010 11:42:46 -0400 MIME-Version: 1.0 Reply-To: [email protected] Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: AAAAAA== Return-Path: [email protected] X-OriginalArrivalTime: 05 May 2010 15:41:27.0837 (UTC) FILETIME=[6D06E4D0:01CAEC69]

    Read the article

  • Why an empty MAIL FROM address can sent out email?

    - by garconcn
    We are using Smarter Mail system. Recently, we found that hacker had hacked some user accounts and sent out lots of spams. We have firewall to ratelimit the sender, but for the following email, the firewall couldn't do this because of the empty FROM address. Why an empty FROM address is consider OK? Actually, in our MTA(surgemail), we can see the sender in the email header. Any idea? Thanks. 11:17:06 [xx.xx.xx.xx][15459629] rsp: 220 mail30.server.com 11:17:06 [xx.xx.xx.xx][15459629] connected at 6/16/2010 11:17:06 AM 11:17:06 [xx.xx.xx.xx][15459629] cmd: EHLO ulix.geo.auth.gr 11:17:06 [xx.xx.xx.xx][15459629] rsp: 250-mail30.server.com Hello [xx.xx.xx.xx] 250-SIZE 31457280 250-AUTH LOGIN CRAM-MD5 250 OK 11:17:06 [xx.xx.xx.xx][15459629] cmd: AUTH LOGIN 11:17:06 [xx.xx.xx.xx][15459629] rsp: 334 VXNlcm5hbWU6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 334 UGFzc3dvcmQ6 11:17:07 [xx.xx.xx.xx][15459629] rsp: 235 Authentication successful 11:17:07 [xx.xx.xx.xx][15459629] Authenticated as [email protected] 11:17:07 [xx.xx.xx.xx][15459629] cmd: MAIL FROM: 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK < Sender ok 11:17:07 [xx.xx.xx.xx][15459629] cmd: RCPT TO:[email protected] 11:17:07 [xx.xx.xx.xx][15459629] rsp: 250 OK Recipient ok 11:17:08 [xx.xx.xx.xx][15459629] cmd: DATA

    Read the article

  • Project Honey Pot - mod_httbl

    - by Henko
    I'm very interested in project honey pot. It seems like a smart way of blocking harversters etc from your web server. I found out about mod_httpbl for apache but I haven't find much to read about it other than on project honey pot's homepage. Doesn't seem like a very active project(?) Could someone with exeperience of httpbl tell me if mod_httpbl is good/bad or if there are other better alternatives?

    Read the article

  • Amusing or Sad? Network Solutions

    - by dbasnett
    When I got sick my email ended up in every drug sellers email list. Some days I get over 200 emails selling everything from Viagra to Xanax. Either they don't know what my condition is or they are telling me you are a goner, might as well chill-ax and have a good time. In order to cut down on the mail being downloaded I thought I would add all of the Junk email senders from Outlook to my Network Solution mail server. Much to my amazement I could not find that import Spammers button, so I submitted a tech support request. Here is the response: Thank you for contacting Network Solutions Customer Service Department. We are committed to creating the best Customer experience possible. One of the first ways we can demonstrate our commitment to this goal is to quickly and efficiently handle your recent request. We apologize for any inconvenience this might have caused you. With regard to your concern, please be advised that we cannot import blocked senders in to you e-mail servers. An alternative option is for you to create a Custom Filter that filters unwanted e-mails. To create a Custom Filter: Open a Web browser (e.g., Netscape, Microsoft Internet Explorer, etc.). Type mail.[domain name].[ext] in the address line. Login to your Network Solutions email account. Click on the Configuration left menu tab. Click on the Custom Filter link. Type the rule name. blah, blah, blah Basically add them one at a time. "We are committed to creating the best Customer experience possible." No you are not. You are trying to squeeze every nickle you can out of me. "With regard to your concern, please be advised that we cannot import blocked senders in to you e-mail servers." Maybe I should apply for a job to write those ten complicated lines of code... Maybe I should question my choice of vendors, because if they truly "cannot" then they are to stupid to have my business. It is both amusing and sad. I'll be posting this in every forum I am a member of.

    Read the article

  • Exim backscatter

    - by asrijaal
    One of my relays has been listed on backscatter.org, now I'm trying to configure our existing config only to send bounces to local users only. Does anyone knows how I deal with this issue? I've added following rule in my acl_check_rcpt deny senders = : dnslists = ips.backscatterer.org log_message = $sender_host_address listed at $dnslist_domain message = Backscatter: $dnslist_text Would this be enough not get listed again?

    Read the article

  • Putting codes in email subjects

    - by Christian W
    We send out large quantities of email to our customers (work environment surveys). Sometimes our mailinglist for a client isn't quite up to date and we get bounce mails (address not found and such). However, since these all bounce back to the same address it's difficult to keep track on which bounce belongs to which client. (The email subject is usually pretty generic, like "Welcome to the work environment survey") This is why I would like to insert a identifier in the subject line of the email. So the subject would be "Welcome to the work environment survey (1234)" where 1234 is a number identifying the client/survey. We already rank pretty high because of the way our mailer handles sending the mails. Usually we contact the clients it-dept to get them to whitelist us in their firewall/spamfilter. Would this increase our spamscore in spamfilters?

    Read the article

  • Can Microsoft Security Essentials Signature Update Notifications be Avoided?

    - by Goto10
    I have my Windows Automatic Updates set to "Notify me but don't automatically download or install them.". However, if I install Microsoft Security Essentials, can I have the daily virus signatures downloaded and applied without being prompted each time by Windows Update? I like to have the control of installing general Windows Updates, but prefer not to have to accept the signature definitions that I expect to have applied every day (would get a bit tedious). Using XP Home SP 3. Just wanted to check this over before deciding whether or not to go for Microsoft Security Essentials.

    Read the article

  • How do I prevent mail from my Exchange server from being blocked?

    - by Mike C
    Recently one of our client machines was infected with a virus and I believe was spamming addresses in the user's contact list. Since then our server has been appearing on blacklists and it has been causing our e-mail to be blocked and returned by many clients. The virus has since been cleared, what can I do to get our server off these blacklists so that we will have more reliable e-mail service? Will I have to change my IP address? Thanks, Mike

    Read the article

  • Strange email coming from/to my computer

    - by Micah
    I'm running smtp4dev on my machine to trap anything going in/out of my computer on port 25 for testing purposes. Every so often this email gets trapped and I have no idea what it's from. I have Microsoft Security Essentials running on my machine and it hasn't identified and viruses or anything so I'm not sure what's going on. Here's the content of the message: Received: from [125.180.72.4] by 173.162.7.130 SMTP id O2Ncv62Ghig1vR for <[email protected]>; Fri, 24 Jun 2011 20:36:15 +0200 Received: from [125.180.72.4] by 173.162.7.130 SMTP id O2Ncv62Ghig1vR for <[email protected]>; Fri, 24 Jun 2011 20:36:15 +0200 Message-ID: <[email protected]> From: "" <[email protected]> To: <[email protected]> Subject: BC_173.162.7.130 Date: Fri, 24 Jun 11 20:36:15 GMT MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000D_01C2CC60.49F4EC70"

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >