Discussion:
MailScanner Website
Jerry Benton
2014-08-11 14:57:27 UTC
Permalink
This was the basic format I was probably going to implement. It would probably be 3x6x3 or 2x8x2

http://getbootstrap.com/examples/navbar-fixed-top/

I am also considering a CMS so that updates can be easily made. This would also allow for content versioning, etc. It would also allow certain authors to help maintain the site. (access restrictions)


As I mentioned, I am in the middle of a move, so it may be a couple of months. I also have the next version of MailScanner ready, but I need to work out, on a long term basis, how we are going to create the source, rpm, and deb packages from Github. The new version includes some basic fixes like the -U option along with some other fixes for deprecated items in perl. (And of course the infamous tnef issue.)


---
Who is the list admin now? I just got a hold notice due to the thread being over 100k.

-
Jerry Benton
www.mailborder.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140811/273e3cda/attachment.html
Hristo Benev
2014-08-11 15:34:38 UTC
Permalink
-------- ?????????? ????? --------
??: Jerry Benton jerry.benton at mailborder.com
???????: MailScanner Website
??: MailScanner discussion <mailscanner at lists.mailscanner.info>
????????? ??: ??????????, 2014, ?????? 11 17:57:27 EEST
?This was the basic format I was probably going to implement. It would probably be 3x6x3 or 2x8x2
http://getbootstrap.com/examples/navbar-fixed-top/
I am also considering a CMS so that updates can be easily made. This would also allow for content versioning, etc. It would also allow certain authors to help maintain the site. (access restrictions)
As I mentioned, I am in the middle of a move, so it may be a couple of months. I also have the next version of MailScanner ready, but I need to work out, on a long term basis, how we are going to create the source, rpm, and deb packages from Github. The new version includes some basic fixes like the -U option along with some other fixes for deprecated items in perl. (And of course the infamous tnef issue.)
---
Who is the list admin now? I just got a hold notice due to the thread being over 100k.
-
Jerry Benton
www.mailborder.com
Jerry,

Based on navbar-fixed-top

I've created this
Loading Image...

Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.

Development and version control could be done via GIT (or other VCS).

Do you have any comments?

Hristo
Richard Siddall
2014-08-11 15:55:00 UTC
Permalink
Post by Hristo Benev
Jerry,
Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/

Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Post by Hristo Benev
Do you have any comments?
Hristo
Richard.
Jerry Benton
2014-08-11 16:37:29 UTC
Permalink
Hristo,

I would like to have content dynamically updated at some point. An example would be an optional Phishing updates, ScamNailer updates (after we fix it), etc. Also, versioning for content, a better wiki with better authoring control, etc. The debate has already gone back and forth over this mailing list regarding static vs CMS, so we don?t need to rehash the same debate.



-
Jerry Benton
www.mailborder.com
Post by Richard Siddall
Post by Hristo Benev
Jerry,
Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/
Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Post by Hristo Benev
Do you have any comments?
Hristo
Richard.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140811/73a47f3f/attachment.html
Nick Edwards
2014-08-24 04:07:10 UTC
Permalink
Would it not be better to first fix the
http://phishing.mailborder.com/phishing.bad.sites.conf
file?

I find it a bit ridiculous that you list URI shortners, like t.co and
others (yet strangely not fb.me)
its for that reason we dont and wont as an ISP, use your list. other
mailscanner users in my group were also mystified why, and wont use it
now.

It's kind of like the old spews, list a /16 because of one or two
spammers, complete overkill

just sayin...
Post by Jerry Benton
Hristo,
I would like to have content dynamically updated at some point. An example
would be an optional Phishing updates, ScamNailer updates (after we fix it),
etc. Also, versioning for content, a better wiki with better authoring
control, etc. The debate has already gone back and forth over this mailing
list regarding static vs CMS, so we don't need to rehash the same debate.
-
Jerry Benton
www.mailborder.com
Post by Richard Siddall
Post by Hristo Benev
Jerry,
Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/
Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Post by Hristo Benev
Do you have any comments?
Hristo
Richard.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Jerry Benton
2014-08-24 13:30:48 UTC
Permalink
Nick,

You have presented what you see as a problem, yet have not presented a solution. If you have a better way to do it, write it and send it to me or this list and I will be happy to implement it. If you think it is overkill to blacklist an entire domain, again, provide an alternate solution and if it makes sense and is sustainable I will be happy to implement it.

The current build uses domains instead of URLs because the list from the current source at phishtank.com, which uses URLs, was somewhere around 30,000 items the last time I checked. That is way too big for a config file. Therefore, the current build script scrubs those and gets it under 1,000 items. This is done by evaluating all of the URLs and pulling the domains from them. This is not like blacklisting a /16 CIDR. There is (should be) a hell of a lot more control of what content gets posted on a domain?s website. If there is malicious content anywhere on a website, the whole thing should be blacklisted until they fix it. This isn?t mystifying. Google does the same thing with its search results.


Requirements for a new solution:

- A source for the bad sites. www.phishtank.com is currently used. It is actively maintained. If you know of a better resource, feel free to let me know.
- A new cron to replace the current version. I am aware it is very basic and needs to be updated. What we need is either a cron that will read a custom section of phishing.bad.sites.conf or we can add an additional file called something like phishing.bad.sites.custom.conf that can be read and merged with phishing.bad.sites.conf during the build.
- The same thing for phishing.safe.sites.conf
- A source for the safe sites if you think the current source is a bad one.
- The same cron logic as stated above for the bad sites.


So what would be the most helpful thing at the moment would be a cron that addresses the above issue regarding custom entries. It would need to evaluate your ?safe? entries and remove it from the dynamic ?bad? entries if present. It would then need to append the custom ?safe? entries to phishing.safe.sites.conf.


-
Jerry Benton
www.mailborder.com
Post by Nick Edwards
Would it not be better to first fix the
http://phishing.mailborder.com/phishing.bad.sites.conf
file?
I find it a bit ridiculous that you list URI shortners, like t.co and
others (yet strangely not fb.me)
its for that reason we dont and wont as an ISP, use your list. other
mailscanner users in my group were also mystified why, and wont use it
now.
It's kind of like the old spews, list a /16 because of one or two
spammers, complete overkill
just sayin...
Post by Jerry Benton
Hristo,
I would like to have content dynamically updated at some point. An example
would be an optional Phishing updates, ScamNailer updates (after we fix it),
etc. Also, versioning for content, a better wiki with better authoring
control, etc. The debate has already gone back and forth over this mailing
list regarding static vs CMS, so we don't need to rehash the same debate.
-
Jerry Benton
www.mailborder.com
Post by Richard Siddall
Post by Hristo Benev
Jerry,
Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/
Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Post by Hristo Benev
Do you have any comments?
Hristo
Richard.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140824/d367a394/attachment.html
Joolee
2014-08-25 11:20:58 UTC
Permalink
If the data source is phishtank,the URL Blacklist service at
http://www.surbl.org/lists#ph also uses phishtank as one of the sources.
Post by Jerry Benton
Nick,
You have presented what you see as a problem, yet have not presented a
solution. If you have a better way to do it, write it and send it to me or
this list and I will be happy to implement it. If you think it is overkill
to blacklist an entire domain, again, provide an alternate solution and if
it makes sense and is sustainable I will be happy to implement it.
The current build uses domains instead of URLs because the list from the
current source at phishtank.com, which uses URLs, was somewhere around
30,000 items the last time I checked. That is way too big for a config
file. Therefore, the current build script scrubs those and gets it under
1,000 items. This is done by evaluating all of the URLs and pulling the
domains from them. This is not like blacklisting a /16 CIDR. There is
(should be) a hell of a lot more control of what content gets posted on a
domain?s website. If there is malicious content anywhere on a website, the
whole thing should be blacklisted until they fix it. This isn?t mystifying.
Google does the same thing with its search results.
- A source for the bad sites. www.phishtank.com is currently used. It is
actively maintained. If you know of a better resource, feel free to let me
know.
- A new cron to replace the current version. I am aware it is very basic
and needs to be updated. What we need is either a cron that will read a
custom section of phishing.bad.sites.conf or we can add an additional file
called something like phishing.bad.sites.custom.conf that can be read and
merged with phishing.bad.sites.conf during the build.
- The same thing for phishing.safe.sites.conf
- A source for the safe sites if you think the current source is a bad one.
- The same cron logic as stated above for the bad sites.
So what would be the most helpful thing at the moment would be a cron that
addresses the above issue regarding custom entries. It would need to
evaluate your ?safe? entries and remove it from the dynamic ?bad? entries
if present. It would then need to append the custom ?safe? entries to
phishing.safe.sites.conf.
-
Jerry Benton
www.mailborder.com
Would it not be better to first fix the
http://phishing.mailborder.com/phishing.bad.sites.conf
file?
I find it a bit ridiculous that you list URI shortners, like t.co and
others (yet strangely not fb.me)
its for that reason we dont and wont as an ISP, use your list. other
mailscanner users in my group were also mystified why, and wont use it
now.
It's kind of like the old spews, list a /16 because of one or two
spammers, complete overkill
just sayin...
Hristo,
I would like to have content dynamically updated at some point. An example
would be an optional Phishing updates, ScamNailer updates (after we fix it),
etc. Also, versioning for content, a better wiki with better authoring
control, etc. The debate has already gone back and forth over this mailing
list regarding static vs CMS, so we don't need to rehash the same debate.
-
Jerry Benton
www.mailborder.com
On Aug 11, 2014, at 11:55 AM, Richard Siddall <richard.siddall at elirion.net
Jerry,
Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/
Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Do you have any comments?
Hristo
Richard.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140825/ac82489e/attachment.html
Randal, Phil
2014-08-26 07:59:30 UTC
Permalink
Short URLs are probably best handled by SpamAssassin plugins like Steve Freegard's DecodeShortURLs:

https://github.com/smfreegard/DecodeShortURLs

Cheers,

Phil


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jerry Benton
Sent: 24 August 2014 14:31
To: MailScanner discussion
Subject: Re: MailScanner Website

Nick,

You have presented what you see as a problem, yet have not presented a solution. If you have a better way to do it, write it and send it to me or this list and I will be happy to implement it. If you think it is overkill to blacklist an entire domain, again, provide an alternate solution and if it makes sense and is sustainable I will be happy to implement it.

The current build uses domains instead of URLs because the list from the current source at phishtank.com<http://phishtank.com>, which uses URLs, was somewhere around 30,000 items the last time I checked. That is way too big for a config file. Therefore, the current build script scrubs those and gets it under 1,000 items. This is done by evaluating all of the URLs and pulling the domains from them. This is not like blacklisting a /16 CIDR. There is (should be) a hell of a lot more control of what content gets posted on a domain's website. If there is malicious content anywhere on a website, the whole thing should be blacklisted until they fix it. This isn't mystifying. Google does the same thing with its search results.


Requirements for a new solution:

- A source for the bad sites. www.phishtank.com<http://www.phishtank.com> is currently used. It is actively maintained. If you know of a better resource, feel free to let me know.
- A new cron to replace the current version. I am aware it is very basic and needs to be updated. What we need is either a cron that will read a custom section of phishing.bad.sites.conf or we can add an additional file called something like phishing.bad.sites.custom.conf that can be read and merged with phishing.bad.sites.conf during the build.
- The same thing for phishing.safe.sites.conf
- A source for the safe sites if you think the current source is a bad one.
- The same cron logic as stated above for the bad sites.


So what would be the most helpful thing at the moment would be a cron that addresses the above issue regarding custom entries. It would need to evaluate your "safe" entries and remove it from the dynamic "bad" entries if present. It would then need to append the custom "safe" entries to phishing.safe.sites.conf.


-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>

On Aug 24, 2014, at 12:07 AM, Nick Edwards <nick.z.edwards at gmail.com<mailto:nick.z.edwards at gmail.com>> wrote:


Would it not be better to first fix the
http://phishing.mailborder.com/phishing.bad.sites.conf
file?

I find it a bit ridiculous that you list URI shortners, like t.co and
others (yet strangely not fb.me)
its for that reason we dont and wont as an ISP, use your list. other
mailscanner users in my group were also mystified why, and wont use it
now.

It's kind of like the old spews, list a /16 because of one or two
spammers, complete overkill

just sayin...


On 8/12/14, Jerry Benton <jerry.benton at mailborder.com<mailto:jerry.benton at mailborder.com>> wrote:

Hristo,

I would like to have content dynamically updated at some point. An example
would be an optional Phishing updates, ScamNailer updates (after we fix it),
etc. Also, versioning for content, a better wiki with better authoring
control, etc. The debate has already gone back and forth over this mailing
list regarding static vs CMS, so we don't need to rehash the same debate.



-
Jerry Benton
www.mailborder.com<http://www.mailborder.com>

On Aug 11, 2014, at 11:55 AM, Richard Siddall <richard.siddall at elirion.net<mailto:richard.siddall at elirion.net>>
wrote:


Hristo Benev wrote:

Jerry,

Based on navbar-fixed-top

I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png

Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.

Development and version control could be done via GIT (or other VCS).

"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/

Might suit a developer better than installing WordPress and a
Bootstrap-based theme.



Do you have any comments?

Hristo

Richard.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140826/46583f9a/attachment.html
Hristo Benev
2014-08-11 17:06:56 UTC
Permalink
Jerry,

I did not want to start new discussion.
What was the final decision CMS or static?

My understanding was that it was static, but I could be wrong.

Hristo
-------- ?????????? ????? --------
??: Jerry Benton jerry.benton at mailborder.com
???????: Re: MailScanner Website
??: MailScanner discussion <mailscanner at lists.mailscanner.info>
????????? ??: ??????????, 2014, ?????? 11 19:37:29 EEST
Hristo,
I would like to have content dynamically updated at some point. An example would be an optional Phishing updates, ScamNailer updates (after we fix it), etc. Also, versioning for content, a better wiki with better authoring control, etc. The debate has already gone back and forth over this mailing list regarding static vs CMS, so we don?t need to rehash the same debate.?
-
Jerry Benton
www.mailborder.com
On Aug 11, 2014, at 11:55 AM, Richard Siddall <
Jerry,
?????Based on navbar-fixed-top
I've created this
http://hbcom.info/mailscanner/mailscanner_rapid_prototype_v1.png
Is CMS really needed? How many pages are changed and how frequently?
AFAIK most of the changes are in the wiki.
Development and version control could be done via GIT (or other VCS).
"Build A Blog With Jekyll And GitHub Pages"
http://www.smashingmagazine.com/2014/08/01/build-blog-jekyll-github-pages/
Might suit a developer better than installing WordPress and a
Bootstrap-based theme.
Do you have any comments?
Hristo
Richard.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Loading...