mip: mail fraud? Anybody seen this?

Jeff A. Earickson jaearick at colby.edu
Tue Nov 11 21:32:41 GMT 2008 

Julian,

Thank you, patch in place.  I will now see if the user can try more
email with the AOL person and see if the problem is gone.  Thanks.

Jeff Earickson
Colby College

On Tue, 11 Nov 2008, Julian Field wrote:

> Date: Tue, 11 Nov 2008 21:24:00 +0000
> From: Julian Field <MailScanner at ecs.soton.ac.uk>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: mip: mail fraud?  Anybody seen this?
> 
> Try this patch to the latest Message.pm and let me know if it helps:
>
> --- Message.pm    2008-10-24 12:11:57.000000000 +0100
> +++ Message.pm.new    2008-11-11 21:23:14.000000000 +0000
> @@ -7251,6 +7251,7 @@
>   $linkurl =~ s/^(https?:\/\/[^:]+):80/$1/i; # Remove http://....:80
>   $linkurl =~ s/^(https?|ftp)[:;]\/\///i;
>   return ("",0) if $linkurl =~ /^ma[il]+to[:;]/i;
> +  return ("",0) if $linkurl =~ /^mip[:;]/i; # Ignore MusicIP links
>   #$linkurl = "" if $linkurl =~ /^ma[il]+to[:;]/i;
>   $linkurl =~ s/[?\/].*$//; # Only compare up to the first '/' or '?'
>   $linkurl =~ s/(\<\/?(br|p|ul)\>)*$//ig; # Remove trailing br, p, ul tags
>
>
>
> On 11/11/08 19:48, Rick Cooper wrote:
>> That looks to be a MusicIP link see:
>> 
>> http://www.musicip.com/mixer/mipprotocol.jsp
>>
>>   >  -----Original Message-----
>>   >  From: mailscanner-bounces at lists.mailscanner.info
>>   >  [mailto:mailscanner-bounces at lists.mailscanner.info] On
>>   >  Behalf Of Julian Field
>>   >  Sent: Tuesday, November 11, 2008 12:22 PM
>>   >  To: MailScanner discussion
>>   >  Subject: Re: mip: mail fraud? Anybody seen this?
>>   >
>>   >  If anyone else can tell me what mip: is, I'll think about
>>   >  adding it to
>>   >  the phishing net so it gets ignored as a URL.
>>   >
>>   >  On 11/11/08 16:42, Jeff A. Earickson wrote:
>>   >  >  Julian,
>>   >  >
>>   >  >  First, I hope that you and your various internal organs are doing
>>   >  >  reasonably well.
>>   >  >
>>   >  >  I got pinged by a user today who asked "why did this copied
>>   >  >  reply get munged up by MailScanner?"
>>   >  >
>>   >  >>  From:<MailScanner has detected a possible fraud attempt
>>   >  from "mip:"
>>   >  >>  claiming to be xxx at aol.com<mip://0b04f618/xxx@aol.com>  >
>>   >  >>  Date: Tue, 11 Nov 2008 08:14:40 EST
>>   >  >>  To:<MailScanner has detected a possible fraud attempt
>>   >  from "mip:"
>>   >  >>  claiming
>>   >  >>  to be yyy at upanewtonma.org<mip://0b04f618/yyy@upanewtonma.org>
>>   >  >
>>   >  >  and so on for all of the other email addresses in the quoted reply.
>>   >  >  I would guess that the mip: construct is something that an AOL MTA
>>   >  >  or mail client added.  I googled for it and found zilch.  Anybody
>>   >  >  else seen this?
>>   >  >
>>   >  >  BTW: running MS 4.72.5-1 on Solaris 10.
>>   >  >
>>   >  >  Jeff Earickson
>>   >  >  Colby College
>>   >  >
>>   >
>>   >  Jules
>>   >
>>   >  --   >  Julian Field MEng CITP CEng
>>   >  www.MailScanner.info
>>   >  Buy the MailScanner book at www.MailScanner.info/store
>>   >
>>   >  MailScanner customisation, or any advanced system
>>   >  administration help?
>>   >  Contact me at Jules at Jules.FM
>>   >
>>   >  PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>   >  PGP public key: http://www.jules.fm/julesfm.asc
>>   >
>>   >
>>   >  --   >  This message has been scanned for viruses and
>>   >  dangerous content by MailScanner, and is
>>   >  believed to be clean.
>>   >
>>   >  --   >  MailScanner mailing list
>>   >  mailscanner at lists.mailscanner.info
>>   >  http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>   >
>>   >  Before posting, read http://wiki.mailscanner.info/posting
>>   >
>>   >  Support MailScanner development - buy the book off the website!
>>   >
>>   >  --
>>   >  This message has been scanned for viruses and
>>   >  dangerous content by MailScanner, and is
>>   >  believed to be clean.
>>   >
>>   >
>>   >
>> 
>> 
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> 
>>
>> 
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list