Mailing List CGatePro@mail.stalker.com Message #92966
From: Todd Schuldt <TSCHULD@kirkwood.edu>
Subject: Re: SpamCop listed me in spite of SpamCatcher
Date: Thu, 18 Oct 2007 15:36:42 -0500
To: <CGatePro@mail.stalker.com>
X-Mailer: Novell GroupWise Internet Agent 6.0.4
Usually the infections turn that local computer into an SMTP host and
try to email out directly instead of trying to locate client email
settings to read and relay out through their server (which usually
has protection running on it anyway). It is much more effective for
them to infect 10 machines and have them start spamming directly. Think
of it as a spy game - it's more effective to have 10 secret agents
sending mail as fast as they can than to have those 10 agents pass them
through 1 courier who can quickly be recognized and apprehended.

Todd Schuldt
Senior System Administrator
Kirkwood Community College

>>> larry@computerlarry.com 10/18/07 11:59AM >>>
What happens when a trusted computer gets infected, and starts  
sending out spam?

On Oct 17, 2007, at 3:50 PM, Bret Miller wrote:

>> Causes of listing
>> System has sent mail to SpamCop spam traps in the past week (spam
>> traps are secret, no reports or evidence are provided by SpamCop)
>>
>>
>> The only thing that I can think of is that SpamCatcher didn't block
>> something that originated from a trusted machine.
>>
>> The SpamCatcher rule is
>>
>> Header field    is not   From: MAILER-DAEMON@*
>> Any Route      in   LOCAL(*,LIST(*,
>>
>>
>> I have just removed the condition  Source  not in     trusted,
>> authenticated
>>
>>
>> I don't know if I should add   SMTP(*   to Any Route
>>
>>
>> -------------
>>
>> I recall that I stopped using SpamCop  as a RBL  after they
>> listed  AOL
>
> CGPSA running in full-featured mode won't scan outgoing mail unless
> you list the outgoing domain in the scan_domains setting. Since you
> can't be sure what SpamCop uses as a domain, that doesn't do you
> much good. I run mine in headers-only mode here so it scans all mail
> passing through (except trusted,authenticated).
>
> Bret
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
> Send administrative queries to  <CGatePro-request@mail.stalker.com>

