Why is this domain spoofing.

Mike Wallace mike at mlrw.com
Mon Nov 9 17:33:28 GMT 2009 

I've had the same problem and disabled phishing in clam by editing / 
etc/clamd.conf and added "PhishingSignatures no" after the line  
"#PhishingSignatures yes".

Mike Wallace
mike at mlrw.com



On Nov 9, 2009, at 11:08 AM, Robert Lopez wrote:

> Yesterday ever member of the honor society at this college had their
> news letter blocked for Phishing.Heuristics.Email.SpoofedDomain .
>
> It is not clear to me why. It appears to me the domain is always
> ptk.org and elist.ptk.org is simply a mail system within that domain
> so nothing is spoofed.
>
> After they were blocked last month I thought I white listed them:
> From:      12.230.142.18  OK  # elist.ptk.org
> From:      12.230.142.9    OK  # ptk.org
> are already in /etc/MailScanner/rules/spam.whitelist.rules
>
> How can I prevent these from being blocked?  Am I misunderstanding how
> to whitelist SpoofedDomain-s?
>
> This is the report:
> The following e-mails were found to have: Virus Detected
>
>    Sender: golden_key_news_brief_htm-return-296-xxxxxx=cnm.edu at elist.ptk.org
> IP Address: 12.230.142.18
> Recipient: xxxxxx at cnm.edu
>   Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
> MessageID: 53BDB10A5.B6931
> Quarantine:
>    Report: Clamd:  message was infected:
> Phishing.Heuristics.Email.SpoofedDomain
>
> Full headers are:
>
> Received: from elist.ptk.org (elist.ptk.org [12.230.142.18])
> 	by mg06.cnm.edu (Postfix) with ESMTP id 53BDB10A5
> 	for <xxxxxx at cnm.edu>; Sat,  7 Nov 2009 10:40:20 -0700 (MST)
> Received: (qmail 27695 invoked by alias); 6 Nov 2009 17:41:40 -0600
> Mailing-List: contact golden_key_news_brief_htm-help at elist.ptk.org;
> run by ezmlm
> Precedence: bulk
> X-No-Archive: yes
> List-Post: <mailto:golden_key_news_brief_htm at elist.ptk.org>
> List-Help: <mailto:golden_key_news_brief_htm-help at elist.ptk.org>
> List-Unsubscribe:
> <mailto:golden_key_news_brief_htm-unsubscribe-rganley=cnm.edu at elist.ptk.org 
> >
> List-Subscribe: <mailto:golden_key_news_brief_htm-subscribe at elist.ptk.org 
> >
> X-You-are-Subscribed-As: <xxxxxx at cnm.edu>
> From: Golden Key News Brief <news_service at ptk.org>
> To: GKNB subscribers <xxxxxx at cnm.edu>
> Mime-Version: 1.0
> Content-Type: text/html
> Delivered-To: mailing list golden_key_news_brief_htm at elist.ptk.org
> Date: Fri,  6 Nov 2009 23:41:40 +0000
> Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
> Message-Id: <20091107174020.53BDB10A5 at mg06.cnm.edu>
>
>
>
>
> -- 
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> This message has been scanned for viruses and dangerous content by  
> MailScanner, and is believed to be clean.
>

More information about the MailScanner mailing list