ASSP blocked email from microsoft -> bombRe

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ASSP blocked email from microsoft -> bombRe

Andy Knuts
I noticed ASSP blocks emails from microsoft because of the default bombRe filter.
It was a password reset email from microsoft:


Jul-17-16 17:26:50 m1-69207-08649 [Worker_3] [TLS-in] [bombRe] 65.54.190.96 <[hidden email]> to: <snip> [spam found] (Regex: bombRe 'PB 20: for dRUg$'  bombRe: 'dRUg$') [Microsoft account password reset] -> /var/db/assp/discarded/Microsoft_account_password_reset--3138.eml;

I checked the eml file and it contains the words "drug%" inside a pretty long hashed link like this:

 ... href="https://accounts.live.com/......9aQVwkungdRUg%24%24">

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: ASSP blocked email from microsoft -> bombRe

Thomas Eckardt/eck
such things may happen

Thomas





Von:    "Andy Knuts" <[hidden email]>
An:     [hidden email]
Datum:  17.07.2016 17:50
Betreff:        [Assp-user] ASSP blocked email from microsoft -> bombRe



I noticed ASSP blocks emails from microsoft because of the default bombRe
filter.
It was a password reset email from microsoft:


Jul-17-16 17:26:50 m1-69207-08649 [Worker_3] [TLS-in] [bombRe]
65.54.190.96 <[hidden email]> to: <snip>
[spam found] (Regex: bombRe 'PB 20: for dRUg$'  bombRe: 'dRUg$')
[Microsoft account password reset] ->
/var/db/assp/discarded/Microsoft_account_password_reset--3138.eml;

I checked the eml file and it contains the words "drug%" inside a pretty
long hashed link like this:

 ... href="https://accounts.live.com/......9aQVwkungdRUg%24%24">

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user