View previous topic :: View next topic |
Author |
Message |
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Jul 08, 2004 11:12 am Post subject: Systems Block Policy Discussion |
|
|
This is where questions or comments concerning the new Systems Block Policy should be posted. If you believe you are being blocked by a rule in this policy, please go back to the policy and contact me after reading the policy thoroughly. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Jul 08, 2004 2:27 pm Post subject: |
|
|
Mike Regan wrote: | By what criteria will an offender be determined? |
Most of the criteria is defined in the policy.
For example, an IP address that has sent up to 5 virus infected emails will just have SMTP blocked. They shouldn't be sending directly from their systems anyways (unless they actually intended on having a local SMTP server, but most cases it's actually a virus with it's own SMTP server or using your default in Outlook, OE, etc.), and should be sending through their ISP or company SMTP server. If the ISP or company SMTP server is allowing these messages to go through, then it's their responsibilty to monitor and clean messages going through their system.
Quote: | Will they be notified of this block or just kicked out without warning or explaination? |
Unfortunately there is no real way to notify the offending address reliably. As far as people sending viruses, most messages contain forged From headers (among others). For those who have not been completely blocked, but can still get to port 80 (web server), they will have a message stating they have been blocked and the correct channels to possibly become unblocked.
Quote: | I have been getting a good deal of SPAM and most of it contains virus, to my Planetfurry address. All is spoofed senders. It has come from me to me, form Cateagle, from Maxx, from Nahima and even a good many from Webmaster at Planetfurry. |
As far as spam is concerned, all messages, including inbound, outbound, and internal, are scanned for spam and virus signatures. 99.999% of the spam that you receive that has an @planetfurry.com address has been forged. The other 0.001% would likely be genuine but mistaken to be spam for various reasons. |
|
Back to top |
|
|
Gabriel Registered User
Joined: 04 May 2004 Posts: 58 Location: USA
|
Posted: Thu Jul 08, 2004 7:58 pm Post subject: |
|
|
When I get mail marked {spam?} or {virus?} what am I supposed to do with it?
And, how can I take e-mail sent to the 'catch-all' address on my domain and have it nullified or auto-returned? Is there anything for that on the current server? ...Will there be anything on the new server you're putting together? _________________
|
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Jul 08, 2004 10:13 pm Post subject: |
|
|
Gabriel wrote: | When I get mail marked {spam?} or {virus?} what am I supposed to do with it? |
If you receive a message that has the Subject prefixed with {Spam?}, {HighScoreSpam?}, or {Virus?}, chances are the message is safe. No single system is perfect, though, so that doesn't mean that you shouldn't perform your own antivirus scanning.
If you would like to report a possible problem, for example, if a virus or spam was received without an appropriate tag in the subject, or you are receiving multiple spam or virus infected messages that haven't been blocked yet, I will be posting a link to a form were you can appropriately report the problem.
Quote: | And, how can I take e-mail sent to the 'catch-all' address on my domain and have it nullified or auto-returned? Is there anything for that on the current server? ...Will there be anything on the new server you're putting together? |
This is an admin issue, which isn't best to discuss on an open thread. I'll send you a private message concerning what you may want to try. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Thu Jul 08, 2004 10:46 pm Post subject: |
|
|
Mike Regan wrote: | Sorry, I was not too clear on this. The "they" would be registered members of PF. |
Not entirely. "They" could be literally anyone, including, but not limited to, Planetfurry members.
Quote: | I am not too savy on the methods used to find the offeneders. Myself I only know the address that the email SAYS it comes from. Knowing the so called senders I know that to be a lie though.
I am just concerned that since some have had my name on them that I will one morning find myself locked out of PF with no idea as to why. |
Since most spam/viruses use false From fields, I will not be using this information at all, or basing any form of block on it. Other headers in the message, as well as email server logs, are use to determine what needs to be blocked. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Fri Jul 09, 2004 1:26 am Post subject: Example of Spam House Network Blocks |
|
|
Chain SPAMMERS (1 references)
target prot opt source destination
DROP all -- 69.42.65.0/25 anywhere
DROP all -- 66.109.16.0/20 anywhere
DROP all -- 64.136.96.0/20 anywhere
-------
I have no sympathy for these poor, unfortunate advertisers. |
|
Back to top |
|
|
Tygon Site Owner
Joined: 03 Apr 2001 Posts: 2497 Location: Isernhagen, Lowersaxony, Germany
|
Posted: Fri Jul 09, 2004 3:01 am Post subject: |
|
|
Since a few days ago all mail I sent out from my PF mail account gets marked as spam... I checked my computer and it's clean. Could it be related to this blocking thing? _________________ Tygon Panthera - name and species
www.planetfurry.com/~tygon/ |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Fri Jul 09, 2004 3:06 am Post subject: |
|
|
Tygon wrote: | Since a few days ago all mail I sent out from my PF mail account gets marked as spam... I checked my computer and it's clean. Could it be related to this blocking thing? |
Partially. I just sent you an email concerning the problem. It looks like your your ISP's netblock is listed in several blacklists. |
|
Back to top |
|
|
Tygon Site Owner
Joined: 03 Apr 2001 Posts: 2497 Location: Isernhagen, Lowersaxony, Germany
|
Posted: Fri Jul 09, 2004 3:13 am Post subject: |
|
|
I see... well, I guess I'll have to call the Telekom and see what they say (for I only understand half of this... _________________ Tygon Panthera - name and species
www.planetfurry.com/~tygon/ |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Fri Jul 09, 2004 3:28 am Post subject: |
|
|
Tygon wrote: | I see... well, I guess I'll have to call the Telekom and see what they say (for I only understand half of this... |
I recommend you forward the link I sent you to your ISP, and explain to them their dial-up netblock is blacklisted, and that they need to contact those blacklist maintainers to be removed. You could probably contact the blacklist maintainers yourself, but they will likely as for the ISP to contact them. |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Sun Jul 11, 2004 1:33 am Post subject: |
|
|
*bump* The policy had a slight change. Please check it out. If you have any questions, please address them here.
In other notes, I'm working on a script to automate the blocking process. Right now everything that is blocked is done manually, which makes it impossible to have a decent response time after receiving a virus, spam, etc., and gets kind of old in the process. Once the script is done, I will let you know. If anyone is interested in seeing the script, let me know and I'll consider posting it here (without any information too dangerous to post in the public, of course). |
|
Back to top |
|
|
Tygon Site Owner
Joined: 03 Apr 2001 Posts: 2497 Location: Isernhagen, Lowersaxony, Germany
|
Posted: Sun Jul 11, 2004 3:39 am Post subject: |
|
|
on a side note, my email works again. it seems my dynamic IP shifted to one that is not on the blacklist.
I'll hopefully change my ISP soon, what will fix the problem permanently. _________________ Tygon Panthera - name and species
www.planetfurry.com/~tygon/ |
|
Back to top |
|
|
TwylaFox Registered User
Joined: 07 Dec 2010 Posts: 54 Location: BFE, Califorlornland
|
Posted: Mon Jan 03, 2011 1:37 am Post subject: |
|
|
I'm curious as to why I keep getting some sort of notice from here - starting today - saying that I have a virus. I've done several scans with different programs which find nothing, and have even done a system rollback to last week and still keep getting this notice.
Any idea what gives with this? _________________ "The only people who never fail are the ones who never try to accomplish anything." ~ My Grandfather |
|
Back to top |
|
|
Whip-lash Kneel before me... for I am Root!
Joined: 20 Nov 2000 Posts: 573
|
Posted: Mon Jan 03, 2011 8:58 am Post subject: |
|
|
TwylaFox wrote: | I'm curious as to why I keep getting some sort of notice from here - starting today - saying that I have a virus. I've done several scans with different programs which find nothing, and have even done a system rollback to last week and still keep getting this notice.
Any idea what gives with this? |
You wouldn't happen to have a screenshot or some other copy of the message stating you had a virus, would you? If it's states CloudFlare in the page, then it's picking up something from the public IP address you're coming from, or from the User Agent string your browser is sending. If it is something else, then I do not believe it is coming from us. |
|
Back to top |
|
|
TwylaFox Registered User
Joined: 07 Dec 2010 Posts: 54 Location: BFE, Califorlornland
|
Posted: Tue Jan 04, 2011 12:57 am Post subject: |
|
|
Yep, it says CloudFlare at the bottom. Any idea how to keep it from doing this? My system can't get much cleaner. _________________ "The only people who never fail are the ones who never try to accomplish anything." ~ My Grandfather |
|
Back to top |
|
|
|