Or do as I do. I run a non-MS OS (FreeBSD Unix), and use a non-GUI MUA (Elm). I can receive attachments, but nothing happens until I save them and open them with my choice of application (under FreeBSD).

A lot of spam is very obvious. It's pure HTML, and appears as gibberish in Elm. >99% of the pure HTML email I receive is spam.

I do get a lot of spam, but then again my email addresses have been public knowledge for many years (one has been in use for 16 years). I run my own mail servers, and I reject a lot of mail at the SMTP level, based on the IP address of the sender.

If the source is a known dynamic dialup/cable/DSL address, or is assigned to an entity in China, Korea, Africa, EV1.net/EV1servers.net, wanadoo/france telecom, BT, interbusiness.it, etc., or appears on any of a dozen DNSBLs, it is rejected immediately, before my server agrees to accept it.

I have a local reject list of over 26,000 IP networks generated based on received spam over the last 5-6 years.
Some countries/ISPs are listed based on a zero-tolerance policy, based on 100% spam/0% content/0% abuse response.
If I find IP space assigned to them, it gets listed in my reject list.

If the sender has no reverse DNS, reverse DNS that points to a nonexistent domain, or reverse DNS that does not match the forward DNS for the given hostname, then it is rejected.
If the host fails to wait for the SMTP HELO, it is rejected for violating RFC822.

Future additions include the rfc-ignorant list, which lists ISPs that do not have functional abuse or postmaster addresses.

Anything that leaks through gets forwarded to SpamCop as a complaint. I currently don't use SpamAssassin to filter spam.

I prefer to reject at the initial SMTP transaction, which means that the sender should receive a bounce from their server, as opposed to a delayed bounce sent from my server to a probably forged address.

Any challenge-response emails that I receive are considered spam, as that system is in many ways as bad or worse than the spam itself, and can be used as an attack vector.
(Send a spam using my (forged) address to a site using challenge-response, and I get the challenge, even though the source address was forged.)

Last edited by techie; 11/01/07 08:14 PM.
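
The connect-time checks described in the post above (local reject list, DNSBL lookup, reverse DNS that exists and matches forward DNS), as an added example that is not the poster's own configuration. The networks, hostnames, the `dnsbl.example` zone and the function names are constructed for illustration, and the DNS lookups are injectable tables so the policy runs offline; IPv4 only.

```python
import ipaddress

# Constructed sample data using documentation address ranges (not real listings).
REJECT_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.128/25")]
PTR = {"203.0.113.10": "mail.example.org",      # IP -> reverse DNS name
       "203.0.113.20": "host.example.net",
       "203.0.113.30": "gone.example.invalid"}
FWD = {"mail.example.org": {"203.0.113.10"},    # name -> forward DNS addresses
       "host.example.net": {"203.0.113.99"}}
LISTED = {"40.113.0.203.dnsbl.example"}         # names the sample DNSBL answers for


def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: reversed octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def check_client(ip, zones=("dnsbl.example",), ptr=PTR.get, fwd=FWD.get,
                 listed=LISTED.__contains__):
    """Decide at connect time, before any mail is accepted.

    Returns (accept, reason). ptr/fwd/listed are injectable lookups so the
    policy can be tested offline; a live server would back them with DNS.
    """
    addr = ipaddress.ip_address(ip)
    # 1. Local reject list of networks.
    if any(addr in net for net in REJECT_NETS):
        return False, "local reject list"
    # 2. DNS blocklists: any listing rejects.
    for zone in zones:
        if listed(dnsbl_name(ip, zone)):
            return False, "listed in " + zone
    # 3. Reverse DNS must exist.
    host = ptr(ip)
    if host is None:
        return False, "no reverse DNS"
    # 4. The reverse DNS name must itself resolve.
    forward = fwd(host)
    if not forward:
        return False, "reverse DNS names nonexistent host"
    # 5. The forward lookup must include the connecting address.
    if ip not in forward:
        return False, "reverse/forward DNS mismatch"
    return True, "ok"
```

Rejecting on these results during the SMTP session, rather than accepting and bouncing later, is what keeps the failure notice on the sending server's side.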