Results 1 to 5 of 5
  1. #1
    Untanglit
    Join Date
    Nov 2016
    Posts
    15

    Default spam with IP-based URLs

    Hi,

    I'm seeing a large influx of spam getting through UT with hard-coded IP based urls in them. Example:

    <CENTER><a href="http://145.239.174.18//ql.html?r=cali01*gaocbdoilpesv=oth.22w82.193t233.4u25x.c0c2f__3n6k12vvP2/0000a7"><br><img src="http://145.239.174.18//4001/w15550PureCBD1.jpg"></a></CENTER>

    Is there a way to block these and variants like this?

    Thanks!

    --Ben

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,210

    Default

    edit: removed
    Last edited by dmorris; 11-02-2017 at 07:18 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,668

    Default

    It looks at the content when scanning. If its not checking that I would check your DNS status with this:
    https://wiki.untangle.com/index.php/...k_DNSBL_Access

    Also look and reports and see what the score it was given, and why.

    Given that it looks pretty obvious... My guess is that you either have a DNS issue or it wasn't scanned at all because of SSL or some other reason.

    edit: (or your mail is being relayed before reaching Untangle, which can often cause big issues)
    Last edited by dmorris; 11-01-2017 at 09:03 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untanglit
    Join Date
    Nov 2016
    Posts
    15

    Default

    Ah. Makes sense. I have other tools I can use; they just aren't the cleanest. Much appreciated.

    Given that it doesn't save the email, how does AV filtering work, then? What might be interesting would be to see if the pattern http://xx.xx.xx.xx/ could be defined as a virus.

    --Ben
    Last edited by bconner; 11-02-2017 at 06:57 PM.

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,668

    Default

    It does scan the content, as does spam blocker and phish blocker.
    Edited confusing comment.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2