phishing.bad.sites.conf
Denis Beauchemin
Denis.Beauchemin at usherbrooke.ca
Thu Oct 31 14:24:32 GMT 2013
Barry,
The phishing.bad.sites.conf is used to flag URLs in emails. It is not uncommon to use www.facebook.com/SiteName in emails nor should it be flagged as a phishing attempt.
Denis
-----Message d'origine-----
De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Barry Callahan
Envoyé : 31 octobre 2013 10:11
À : MailScanner discussion
Objet : Re: phishing.bad.sites.conf
Uhh... yes. Yes, it contains www.facebook.com.
It also contains www.facebookprofileviewer.com
You should not be getting any legitimate emails from facebook originating from either of those machine names. The email should be coming from a @facebookmail.com address. And chances are, the machine handing it off to your server will be mx-out.facebook.com.
So, if you're getting email traffic claiming to come from www.facebook.com.... I doubt it's legitimate.
#/*****************************\
#* Barry Callahan
#* Technologist
#* RJL Systems
#* phone: 1 586 790 - 0200 x112
#* 1 800 528 - 4513 x112
#* fax: 1 586 790 - 0205
#\*****************************/
On 10/31/2013 8:31 AM, Denis Beauchemin wrote:
> Hello,
>
> I just found out that the phishing.bad.sites.conf contains www.facebook.com. This file is kept up to date by /usr/sbin/update_bad_phishing_sites.
>
> Now who can remove www.facebook.com from the master file? If nobody can I will have to stop the auto-update.
>
> Thanks.
>
> Denis
>
>
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list