phishing.bad.sites.conf

Barry Callahan barryc at rjlsystems.com
Thu Oct 31 14:54:44 GMT 2013


.... except the phishing checks are applied against the BODY of the 
email, not the headers.

Never mind. I need more coffee.

Sorry for lowering the SNR.


On 10/31/2013 10:04 AM, Barry Callahan wrote:
> Uhh... yes. Yes, it contains www.facebook.com.
> It also contains www.facebookprofileviewer.com
>
> You should not be getting any legitimate emails from facebook
> originating from either of those machine names. The email should be
> coming from a @facebookmail.com address. And chances are, the machine
> handing it off to your server will be mx-out.facebook.com.
>
> So, if you're getting email traffic claiming to come from
> www.facebook.com.... I doubt it's legitimate.
>
> #/*****************************\
> #* Barry Callahan
> #* Technologist
> #* RJL Systems
> #* phone: 1 586 790 - 0200 x112
> #*        1 800 528 - 4513 x112
> #* fax:   1 586 790 - 0205
> #\*****************************/
>
> On 10/31/2013 8:31 AM, Denis Beauchemin wrote:
>> Hello,
>>
>> I just found out that the phishing.bad.sites.conf contains www.facebook.com. This file is kept up to date by /usr/sbin/update_bad_phishing_sites.
>>
>> Now who can remove www.facebook.com from the master file? If nobody can, I will have to stop the auto-update.
>>
>> Thanks.
>>
>> Denis
>>
>>


