Phishing Server Change

Michael Weiser michael at
Thu Aug 3 18:41:05 UTC 2017

Hi again,

sorry for the noise.

On Thu, Aug 03, 2017 at 05:38:22PM +0200, Michael Weiser wrote:

> The only problem I see is that some Linux distributions have actually
> compiled TLS compression support out of the SSL implementations they
> ship because of CRIME...

Correction: That info off the top of my head seems to be outdated: Just
checked the package sources of Debian jessie/stretch, Fedora RawHide,
Gentoo, CentOS 6/7 and openSUSE Tumbleweed. They all seem to have it
enabled in OpenSSL. OpenSUSE actually has a ChangeLog entry confirming
that it was disabled as a stop-gap-measure once but that patch is gone

CentOS (and likely RHEL) as of 6.9 and 7.3 still have a patch that
requires the user to set environment variable OPENSSL_DEFAULT_ZLIB in
order to get compression enabled. This would need be put into the update

Funnily enough curl has TLS compression statically disabled on the
client side: So we'd
need curl to fall back to HTTP compression still.

BTW: wget -N and curl -z seem to work well to avoid redownload:

# rm phishing.bad.sites.conf
# time wget -N
phishing.bad.sites.conf             100%[============>] 273.56K  96.2KB/s    in 2.8s
2017-08-03 20:21:28 (96.2 KB/s) - 'phishing.bad.sites.conf' saved [280125/280125]
real    0m5.002s
# time wget -N
File 'phishing.bad.sites.conf' not modified on server. Omitting download.
real    0m0.888s

# rm phishing.bad.sites.conf
# time curl -z phishing.bad.sites.conf -o phishing.bad.sites.conf -R
Warning: Illegal date format for -z, --time-cond (and not a file name).
Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
real    0m3.788s
# time curl -z phishing.bad.sites.conf -o phishing.bad.sites.conf -R
real    0m0.518s

More information about the MailScanner mailing list