[Exim] New form of spam attack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Frank S. Bernhardt
Date:  
À: Exim Users List
Sujet: [Exim] New form of spam attack?
Greetings

I think the php-installs mailing list is really messed up. We've seen a
number of the following e-mails come thru our Exim 4.20/SA/Exiscan with
subject:

Subject: [PHP-INSTALL] Mail Delivery (failure php-install@???)

and body:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> (snipped)

Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>If the message will not displayed automatically,<br>
follow the link to read the delivered message.<br><br>
Received message is available at:<br>

<a href=3Dcid:031401Mfda     b4$3f3dL780$73387018@57W81   fa70Re height=3D0
************************^^^ 3 spaces added above ******^^^******
(I added this to intentionally break it)
width=3D0>www.lists.php.net/inbox/php-install/read.php?sessionid-21156</a>
<iframe
src=3Dcid:031401Mfdab4$3   f3dL780$73387018@57W81fa   70Re height=3D0
width=3D0></iframe>
************************^^^ 3 spaces added above **^^^******
(I added this to intentionally break it)
<DIV>&nbsp;</DIV></BODY></HTML>


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

I'm guessing that the url is encoded and that clicking on the link is a
bad thing.

Any thoughts or comments on how to filter this without blocking all of
the php-install list?

--

Regards

Frank S. Bernhardt
b.c.s.i.
14 Halton Court
Markham, ON.
L3P 6R3

905-471-1691 Voice
905-471-3016 FAX

frank@???