Re: Catching Phishing messages
On Sun, Sep 20, 2020 at 09:35:22AM -0500, Daryl Rose wrote: > I tend to get a lot of phishing attempts, and they all get through. > > This appears to come from Apple, but obviously is not. Not a spamassassin solution, but Apple has a DMARC policy of quarantine for those types of emails. If you implement dmarc policy checking on your mail server and enforce the policy that Apple asks you to follow when you receive emails supposedly from apple.com, those phishing emails will end up in your mail server's quarantine directory. -Bryan
Re: Problem with Custom Spamassassin Rule
On Thu, May 10, 2007 at 06:36:05PM -0400, Daryl C. W. O'Shea wrote: > > You'll have to use To:raw =~ to prevent the extra whitespace from > being removed and even that might not work. I think we fixed it so that > it does though. Thank you every body that replied. To:raw =~ was the fix that fixed it. Cheers, Bryan
Problem with Custom Spamassassin Rule
I'm running SA 3.2.0 and am trying to write a custom spamassassin rule to deal with some recent spam I've been seeing that has 10 additional spaces in the "To:" header. For example: To: <[EMAIL PROTECTED]> So, I would like to write a rule that looks for at least two contiguous spaces before the email address brackets in the To: header. Accordingly, it seems that the following should work: header LOCAL_XTRA_SPACES_IN_TO To =~ /\s\s+/ score LOCAL_XTRA_SPACES_IN_TO 0.1 0.1 0.1 0.1 However, when I test this rule, I don't get a hit. Can anybody please tell me what I'm doing wrong? Thanks, Bryan
