Current Stories
Tuesday 22nd, July 2008
Vulnerability: Upgrade to BES v4.1 SP6 (4.1.6)
07/22/2008 10:19 PM
Vulnerability:
A vulnerability exists in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. Upgrade to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (version 4.1.6).
Overview:
This advisory describes a security issue affecting the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
The issue relates to a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0.
Problem:
A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.
Resolution:
Upgrade to BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6).
Research In Motion (RIM) has also issued an interim security software update that resolves this vulnerability in earlier affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software.
More @blackberry.com
Technorati: BlackBerry
Friday 18th, July 2008
Postini / Google Messaging Security, X-pstn-levels Header Information
07/18/2008 09:55 PM
Here is the information on the Postini X-pstn-levels Header Information.
The Postini junk mail filter is now called 'Google Messaging Security (GMS)'.
Note:
I did the implementation for 2 clients, one with 13.000 and one with 3000 IBM Lotus Notes clients, with 100% satisfaction!
X-pstn-levels Header:
The letter/number pairs that appear on X-pstn-levels tell you which filters (if any) were triggered and to what degree.
The letters that may appear on this line are:
General Transport Heuristics Filters:
GT1 = General transport heuristics most trusted
GT2 = General transport heuristics more trusted
GT3 = General transport heuristics trusted
Spam Filters:
S = General/bulk spam score
CV = Internal use only. This has no effect on the overall spam score or message disposition.
P = Sexually explicit (pornography) spam score
M = Make-money-fast (MMF) spam score
C = Commercial or “special offer” spam score
R = Racially insensitive spam score
Industry Heuristics Filters (optional feature):
FC = Financial Content score
LC = Legal Content score
Spam Scores:
A spam score of 100 on the S filter would indicate that this email contains nothing that triggers the general spam filter (it is a valid message).
The lower the score, the more likely that this message is spam.
Category Scores:
A message is assigned to a filter category when its score in that category is 85 or below.
Example:
X-pstn-levels: (S: 0.00000/60.95723
CV:99.9000 R:95.91080 P:95.91081 M:64.93900
C:93.23770 )
X-pstn-settings: 5 (2.00000:8.00000) r p M c
The overall spam score is S: 0.00000. This is a Make-Money-Fast (M) spam message, as shown by the capital M in the X-pstn-settings line.
A score of 85 or below triggers a category filter and in this example the Make-Money-Fast score is M:64.9390.
The X-pstn-levels header will not be listed in the headers if one of the recipients has Bulk Email protection disabled.
This means that if the email message is sent to two users, one with the Bulk Email filter turned on and the other with it turned off, the message security service will not include this header.
Blatant Spam Blocking (BSB) Score:
A second numeric evaluation, the BSB score, appears after the spam score on the X-pstn-levels header. The BSB score is used by the spam engine to identify messages that should be bounced or blackholed by Blatant Spam Blocking. Unlike the spam score, the BSB score should not be evaluated directly.
Example:
X-pstn-levels: (S: 0.00010/62.95723 )
The spam score (S:) is separated from the BSB score by a slash (“/”).
The BSB score will always appear, even if BSB is not turned on.
Should a message score as blatant spam, the BSB disposition of bounce or blackhole will result in the message being discarded, so there will not be any headers for those messages. The reason the BSB score was added is to make it clear to someone evaluating the headers that the message did meet the spam score criterion but failed to meet the BSB score criterion.
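The header layout described above (label:score pairs, the BSB value after the slash, and the 85-or-below category rule) can be read programmatically. The parser below is an added example, not code from Postini/Google or from this post; treating S and CV as non-categories and the function name `parse_pstn_levels` are choices made for the example.

```python
import re

# From the post: a category score of 85 or below assigns the message to it.
CATEGORY_THRESHOLD = 85.0
# S is the overall spam score and CV is "internal use only", so this example
# does not report either of them as a category (a choice made here).
NOT_CATEGORIES = {"S", "CV"}

# LABEL:score, optionally followed by /score (the BSB value after S).
NUM = r"[0-9]+(?:\.[0-9]+)?"
PAIR_RE = re.compile(rf"([A-Z]+[0-9]?)\s*:\s*({NUM})(?:\s*/\s*({NUM}))?")


def parse_pstn_levels(value):
    """Parse an X-pstn-levels header value; folded lines are accepted."""
    text = " ".join(value.split())  # unfold continuation lines
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("expected a parenthesised list of label:score pairs")
    scores, bsb = {}, None
    for label, score, after_slash in PAIR_RE.findall(text[1:-1]):
        scores[label] = float(score)
        if label == "S" and after_slash:
            bsb = float(after_slash)
    if "S" not in scores:
        raise ValueError("no S (general spam) score in header")
    # Lowest score first: the lower the score, the more likely it is spam.
    triggered = sorted(
        (lbl for lbl, val in scores.items()
         if lbl not in NOT_CATEGORIES and val <= CATEGORY_THRESHOLD),
        key=scores.get,
    )
    return {"spam_score": scores["S"], "bsb_score": bsb,
            "scores": scores, "triggered": triggered}


# The example header from the post, with its original line folding.
SAMPLE = """(S: 0.00000/60.95723
 CV:99.9000 R:95.91080 P:95.91081 M:64.93900
 C:93.23770 )"""

if __name__ == "__main__":
    result = parse_pstn_levels(SAMPLE)
    print("spam score:", result["spam_score"], "BSB:", result["bsb_score"])
    print("categories at or below 85:", result["triggered"])
```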
See this link on the About Header Tags
Note:
Compare link, $10 / user for each additional year of message retention. Need inbound email filtering only? Buy Message Filtering for just $3 / user / year
Technorati: Domino Spam
Friday 11th, July 2008
Badkey goes Fotofans.nl
07/11/2008 11:58 PM
Soon we will open a new Photo Club website:
http://www.fotofans.nl
The site is not open yet and it will be a Dutch content site. Here is the preview announcement, translated from Dutch:
Here is the story from one of the members:
Polder session with fotofans.nl 11-07-2008
Tonight we had the first photo shoot with the fotofans.nl club. Armed with the D80s, we headed to the IJsseldijk to see what the sunset is like there.
Afterwards we of course put the results on badkey.com right away!
Above all we learned that we need a wide-angle lens, something between 10 and 20 mm.
Next time we will rent a couple of those and then head to Kinderdijk!
The date on which that will happen will appear on our website http://www.fotofans.nl in due course.
Keep an eye on this site over the coming weeks and sign up if you want to join a fotofans.nl photo shoot!
The Badkey Team
Technorati: Photography
Saturday 28th, June 2008
Random Spam Generator. Test your spam filter on Blatant Spam Blocking (BSB)
06/28/2008 06:18 PM
Here is a link that generates 100% Blatant Spam (BSB).
Just copy the information into the body of a new message and it should be blocked by the spam filter.
Link: Wikipedia Spam
Note:
I just found The Badkey Link on Planetlotus.org
Technorati: SMTP Spam
Thursday 26th, June 2008
Mail Box Cleaner v2 - Remove dead mail from server mail boxes
06/26/2008 09:13 PM
Dead mail (which from experience consists mostly of spam) can fill server mail boxes and the only way to get rid of it is to manually delete it. This database is a tool for Lotus Notes administrators to remove dead mail from the server's mail box(s) on a regular basis.
Function:
A scheduled database agent first builds a list of the dead mail, creates a log document containing the details of each dead mail, and then deletes all the dead mail.
Features:
- Removes dead mail from one or more server mail boxes (i.e. mail.box, mail1.box, mail2.box, etc.)
- Can be scheduled to run at any interval
- Reports are created in the database which can also be emailed
- Old reports are purged after a specified interval
- Documents are selected via a configurable selection formula
Installation:
- Place this database anywhere under the Notes DATA path of your server
- Change the ACL to your needs
- Sign the database
- Modify the Settings document as required
- Set the agent schedule interval (default is every 30 minutes)
- Enable the agent
Note: Internal Badkey.com Link to the database
Developer: John Buoro
More @VirtualObjectives.com.au
Technorati: Domino New Release WebDesign
Thursday 19th, June 2008
Restricting inbound SMTP connections
06/19/2008 09:29 PM
APNIC is one of five Regional Internet Registries currently operating in the world. It provides allocation and registration services which support the operation of the Internet globally. It is a not-for-profit, membership-based organisation whose members include Internet Service Providers, National Internet Registries, and similar organisations. APNIC represents the Asia Pacific region, comprising 56 economies.
APNIC allocates resources in the following ranges within the Asia Pacific region.
Restricting inbound SMTP connections:
Some users and organizations may attempt to send bulk spam mail to your site. You can use Inbound Connection Controls to prevent Domino from accepting unwanted mail and keep your servers from redistributing it.
Complete the following fields on the Router/SMTP - Restrictions and Controls - SMTP Inbound Controls tab in the Configuration Settings document. If you enter an IP address, use brackets -- for example, [205.159.212.144]. You can use an asterisk in an IP address, but only for an entire octet -- for example, [205.159.212.*].
The following graphic shows an example of how you might fill in these fields:
Verify sender's domain in DNS: Leave this disabled, this is the 'old' reverse lookup.
By Chris Linfoot
"First, "Verify connecting hostname in DNS". Leave it disabled!
It is true that enabling it will defeat some spam, but it will also defeat a lot of real email (because too many systems used to send business email still have incorrect or missing DNS). As a corollary to this, it will also accept a lot of spam because so much spam comes from systems that do have well formed DNS but just shouldn't be sending any direct-to-MX email.
"Deny connections from the following SMTP internet hostnames/IP addresses" is an often overlooked feature of D7, distinct as it is from the private blacklist, but is a useful supplement to local and DNS blacklisting.
Why? Because systems blocked by DNS and local blacklists will see your custom error response and thus senders will know why they were blocked. In many cases you want them to know - that is why you use the custom error response - but in some cases you just don't want to accept messages and may not want to say why."
By Chris Linfoot
"First, "Verify sender's domain in DNS". Turn it on.
This just ensures that inbound mail comes from an envelope sender that can actually accept replies and not something completely bogus. Real senders always want to accept replies. Spammers often do not and may spoof a completely invalid address. Thus the risk of false positives is nil but this will keep out a small amount of spam and some malware."
As a Private Domain filter:
Mail from the domain:
host smtp.badkey.com[XXX.XXX.XXX.XXX] said: 554
Your email was not delivered because the host which attempted delivery, is listed in Badkey private DNS blacklist filter.
Please see http://www.badkey.com for more information and assistance. (in reply to MAIL FROM command)
More @ibm.com/developerworks and IBM Redbook: Lotus Domino 6 spam Survival Guide for IBM eServer
Note: For information on how to block or accept connections for specific hosts using a NOTES.INI parameter, refer to the document titled "Preventing SMTP Denial of Service Attacks from Specific IP Addresses" (#1105201).
Supporting Information:
Domino is operating in accordance with RFC 821 and RFC 2821. Any attempt to prematurely disconnect the client/sender violates section 4.1.1 of RFC 821, which explicitly states that disconnection should occur only after a QUIT command is issued by the client. For further information, refer to the following:
RFC 821, section 4.1.1
RFC 2821, section 4.5.3.2
Addressing the challenge of responsible Internet resource distribution in the Asia Pacific region.
More @apnic.net
Note, just as an example (Domino ND8):
*.ru
*.ro
*.in
*.br
*.cn
*.jp
*.il
[58.0.0.*]
[59.0.0.*]
[60.0.0.*]
[61.0.0.*]
[112.0.0.*]
[113.0.0.*]
[114.0.0.*]
[115.0.0.*]
[116.0.0.*]
[117.0.0.*]
[118.0.0.*]
[119.0.0.*]
[120.0.0.*]
[121.0.0.*]
[122.0.0.*]
[123.0.0.*]
[124.0.0.*]
[125.0.0.*]
[126.0.0.*]
[169.208.0.*]
[202.0.0.*]
[203.0.0.*]
[210.0.0.*]
[211.0.0.*]
[218.0.0.*]
[219.0.0.*]
[220.0.0.*]
[221.0.0.*]
[222.0.0.*]
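To check what a deny list written in the bracketed syntax described above actually covers, the added example below (not from the original post and not Domino code) parses entries, counts the addresses each one spans, and reports probe addresses that no entry covers. It assumes entries are compared octet by octet, which is this example's reading of the syntax description and not confirmed Domino behaviour; under that reading [58.0.0.*] spans 256 addresses, so a probe elsewhere in 58.x.x.x is not covered. Hostname entries such as *.ru are outside its scope.

```python
import re

# Bracketed dotted quad; each octet is a number or a lone asterisk.
ENTRY_RE = re.compile(r"^\[((?:\d{1,3}|\*)(?:\.(?:\d{1,3}|\*)){3})\]$")


def parse_entry(entry):
    """Return four octet patterns: an int 0-255, or None for an asterisk."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"not a bracketed IP with whole-octet wildcards: {entry!r}")
    octets = [None if p == "*" else int(p) for p in m.group(1).split(".")]
    if any(o is not None and o > 255 for o in octets):
        raise ValueError(f"octet out of range: {entry!r}")
    return octets


def covered_addresses(entry):
    """Number of IPv4 addresses an entry covers (assumed octet-wise match)."""
    return 256 ** sum(o is None for o in parse_entry(entry))


def matches(entry, ip):
    """True if the dotted-quad ip falls under the entry."""
    have = [int(p) for p in ip.split(".")]
    want = parse_entry(entry)
    return len(have) == 4 and all(w is None or w == h for w, h in zip(want, have))


def audit(entries, probe_ips):
    """Split entries into accepted/rejected and list probes no entry covers."""
    report = {"rejected": [], "coverage": {}, "unmatched": []}
    for entry in entries:
        try:
            report["coverage"][entry] = covered_addresses(entry)
        except ValueError:
            report["rejected"].append(entry)
    report["unmatched"] = [ip for ip in probe_ips
                           if not any(matches(e, ip) for e in report["coverage"])]
    return report


# The first three entries use forms shown in the post; the last is a
# constructed malformed entry. Probe addresses are constructed samples.
ENTRIES = ["[205.159.212.144]", "[205.159.212.*]", "[58.0.0.*]", "[10.0.0*]"]
PROBES = ["205.159.212.9", "58.0.0.77", "58.1.2.3"]

if __name__ == "__main__":
    for key, value in audit(ENTRIES, PROBES).items():
        print(key, "=", value)
```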
Technorati: DNSRBL Firewall Lotus Notes SMTP Spam
Tuesday 17th, June 2008
Badkey uses zen.spamhaus.org and country block based on APNIC
06/17/2008 09:37 PM
After using zen.spamhaus.org, see here the report for:
06/01/2008 - 06/15/2008
The Badkey Team
Technorati: Badkey DNSRBL Information Spam Virus
blocked using 88.blacklist.zap
06/17/2008 08:23 PM
Frontbridge’s 88.blacklist.zap:
blacklist.zap is a private blacklisting service. The sender's IP has been blocked for one reason or another, usually for sending spam.
That doesn't mean you sent it, only that the address you are using is part of an address block that's been blacklisted.
Frontbridge is a mail exchange service used by the receiver's company.
Frontbridge is a messaging and email service acquired by Microsoft in 2005.
http://www.microsoft.com/presspass/press/2005/jul05/07-20FrontBridgePR.mspx
and is now http://www.microsoft.com/exchange/services/default.mspx
EDIT - contact your ISP and let them know about the block. It usually takes a couple of days to resolve that kind of stuff. Until then, use an alternate email service.
*** If you have received an error message regarding 88.blacklist.zap, they are quick to help with delisting issues-- you should send an email to the email address below and include the IP address: "Frontbridge Delisting Requests" <delist(AT)frontbridge.com>
Steps you can take to ensure that your IP address is not blacklisted
Getting spam complaints from your subscribers is the main reason for getting blacklisted. Here are some things you can do to prevent getting these complaints.
1. Double opt-in – Having your subscribers double opt-in is not only a Streamsend policy, but is the best way to ensure the right people are receiving your email blasts. By having your subscribers confirm their subscription to your email blast you prevent any addresses from fraudulently being added to your lists.
2. Control frequency of emails – If you haven’t sent to your list in several months, some subscribers may forget that they had signed up, and complain. You will want to keep in contact with them so they recognize your messages when they arrive in their inbox.
3. Ensure You Have Valid Emails – ISPs monitor how many soft and hard bounces occur during an email blast. Make sure that you have a clean list to start. This generally shouldn’t be a problem, but some clients have a double opt-in list, but haven’t sent messages for a long time. In these cases you may wish to send slowly over time for your first couple of email blasts so that our system can clean your list without ISPs getting blacklisted.
4. Don’t use subject lines that can appear to be spam – With spam being as big of a problem as it is these days, people sometimes assume a message is spam without getting past the subject line. You will want to be sure to avoid terms that sound as though they could be used for spam (ex. Don’t miss this free opportunity! / Great deals on new products!)
5. Make sure your from name and address are familiar – If there is any confusion as to where your message is coming from, your subscribers would be much less inclined to report you as a spammer if they could contact you directly.
6. Ensure opt-out URL is CLEARLY visible – Even if a subscriber has double-opted in to your mailing list, they may eventually decide they’d like to unsubscribe. If you don’t give them the option to do so, their next step may very well be to report your message as spam.
The Badkey Team
Technorati: None Badkey Information Security SMTP Spam
Wednesday 11th, June 2008