Localpart To: Present In From, Subject, etc...

2014-10-27 Thread John Traweek CCNA, Sec+
I am sure this is doable and did some searching but couldn't find it 
referenced.  How would one create a rule to detect the presence of the To: 
local part in the Subject, i.e. a spammer sends email To: localp...@domain.com 
and the rule triggers on the local part being present in other headers such as 
the Subject, the From, etc...  Thanks!



____


John Traweek CCNA, Sec+
Executive Director, Information Technology
Proud PCI Associate for 18 years
PCI: the data company




Heritage Square . 4835 LBJ Freeway, Suite 1100 . Dallas, TX  75244 . 
214.530.0394

Did you know last year, PCI raised over 9 million dollars in donations for our 
clients? Ask us how!

This Email is covered by the Electronic Communications Privacy Act, 18 U.S.C. 
Sections 2510-2521 and is legally privileged. The information contained in this 
Email is intended only for . If the reader of this message is not the intended 
recipient, you are hereby notified that any dissemination, distributions or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please notify us by telephone 1.800.395.4724 X160, and 
destroy the original message.
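As an added example that is not part of the thread: a plain SpamAssassin header rule matches a regex against a single header, so comparing the To: local part against other headers needs an eval test or an external check. The Python below performs that comparison over two constructed messages; the header list, the minimum length and the sample addresses are my own choices, not anything from the post.

```python
# Added example, not from the thread: flag a message whose To: local part
# reappears in other headers, the pattern the post asks about.
import email
import re
from email import policy
from email.utils import getaddresses

CHECKED_HEADERS = ("Subject", "From", "Reply-To")  # assumed set of headers to inspect
MIN_LEN = 4  # very short local parts ("al", "it") would match ordinary words

def to_localparts(msg):
    """Lower-cased local part of each To: address, short ones dropped."""
    parts = []
    for _name, addr in getaddresses([str(v) for v in msg.get_all("To", [])]):
        if "@" in addr:
            lp = addr.split("@", 1)[0].lower()
            if len(lp) >= MIN_LEN:
                parts.append(lp)
    return parts

def localpart_hits(msg, headers=CHECKED_HEADERS):
    """Return {header: [local part, ...]} for headers that contain a To: local
    part as a whole token, not as a substring of a longer word or address."""
    hits = {}
    for lp in to_localparts(msg):
        token = re.compile(r"(?<![a-z0-9._-])" + re.escape(lp) + r"(?![a-z0-9._-])", re.I)
        for h in headers:
            value = msg.get(h)
            if value and token.search(str(value)):
                hits.setdefault(h, []).append(lp)
    return hits

def analyse(raw):
    """Parse raw message bytes and return the hits dictionary."""
    return localpart_hits(email.message_from_bytes(raw, policy=policy.default))

# Constructed sample: the To: local part is reused as the From: display name
# and in the Subject, which is exactly what the rule should catch.
SUSPECT = (b'From: "jtraweek" <promo@example.net>\r\n'
           b"To: jtraweek@example.com\r\n"
           b"Subject: jtraweek, your mailbox is almost full\r\n\r\nbody\r\n")
# Constructed sample: same recipient, nothing reused elsewhere.
CLEAN = (b"From: Bob <bob@example.org>\r\nTo: jtraweek@example.com\r\n"
         b"Subject: Lunch on Friday?\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print(analyse(SUSPECT))  # {'Subject': ['jtraweek'], 'From': ['jtraweek']}
    print(analyse(CLEAN))    # {}
```

A user who mails themselves, or a reply whose subject quotes their own local part, also matches, so this belongs as a low-scoring signal combined with other rules rather than a standalone block.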


Training Bayes On A Gateway

2014-10-09 Thread John Traweek CCNA, Sec+
I've built a gateway server using sa-exim to filter email for our
corporate Microsoft Exchange environment.  It's working pretty well, but
I have Bayes turned off due to the fact that I am unsure how to train
it in this type of environment.  Has someone written a how-to article on
how to efficiently and continually train Bayes in an environment like this?
I was thinking if specific users could forward SPAM to some box on
Exchange and have sa-exim POP it or something to "learn" that would be
ideal, but maybe there is a better way.  Any ideas are appreciated, the
easier the better.  TIA...

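For the forward-to-a-mailbox idea, an added example that is not from the thread or from sa-exim: when users forward spam, the wrapper message carries their own From:/To: and the Exchange-added headers, so training on it as-is teaches Bayes the reporting user's traits rather than the spam's. The script extracts the original message/rfc822 attachments into a directory that sa-learn --spam can be pointed at; the mbox layout, addresses and messages are constructed for the demo.

```python
# Added example (not from the thread): extract originals from forwarded spam reports for sa-learn.
import email
import mailbox
import tempfile
from email.message import EmailMessage
from pathlib import Path

def originals_from_report(report):
    """Yield the bytes of every message/rfc822 attachment. An inline forward
    has none, so it is skipped: its headers are the user's, not the spammer's."""
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            yield part.get_payload(0).as_bytes()

def extract_mbox(mbox_path, out_dir):
    """Write each attached original to its own file under out_dir, a
    directory that sa-learn --spam can be pointed at; return the count."""
    Path(out_dir).mkdir(parents=True, exist_ok=True)
    box, written = mailbox.mbox(mbox_path), 0
    for key, report in box.items():
        for raw in originals_from_report(report):
            (Path(out_dir) / f"report{key}-{written}.eml").write_bytes(raw)
            written += 1
    box.close()
    return written

def _msg(frm, to, subject, body):  # constructed test message
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = frm, to, subject
    m.set_content(body)
    return m

def build_sample_mbox(path):
    """Constructed sample: one report forwarded as an attachment, one inline."""
    spam = _msg("deals@spam.invalid", "user@example.com", "Cheap meds", "buy now")
    report = _msg("user@example.com", "spamtrap@example.com", "FW: Cheap meds", "see attached")
    report.add_attachment(spam)  # becomes a message/rfc822 part
    inline = _msg("user@example.com", "spamtrap@example.com", "FW: more", "-----Original Message-----\nbuy now")
    box = mailbox.mbox(path)
    for m in (report, inline):
        box.add(m)
    box.close()

def demo():
    """Run the extraction on the constructed mbox; return (count, From: of each file)."""
    with tempfile.TemporaryDirectory() as tmp:
        mbox_path, spam_dir = Path(tmp) / "reports.mbox", Path(tmp) / "spam"
        build_sample_mbox(mbox_path)
        count = extract_mbox(mbox_path, spam_dir)
        froms = [email.message_from_bytes(p.read_bytes())["From"] for p in sorted(spam_dir.glob("*.eml"))]
    return count, froms
```

Only the report forwarded as an attachment yields a file; the inline forward is dropped rather than learned with the user's headers.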

RE: Hotfix/phishing spam

2014-08-14 Thread John Traweek CCNA, Sec+
Usually an end user has to request the hotfix and fill out a form on the MS 
site and then MS will send out an email with the URI.  So to answer your 
question, yes, MS does send out emails with hotfixes, but only when an end user 
requests it, at least in my experience…

If the end user did not specifically fill out a form/request the hotfix, then 
I would be very suspicious…

 

From: Alex [mailto:mysqlstud...@gmail.com] 
Sent: Thursday, August 14, 2014 7:22 PM
To: SA Mailing list
Subject: Hotfix/phishing spam


Hi,

We had users reporting receiving an email that appears to be from Microsoft 
regarding a hotfix, but it appears to actually contain Microsoft hotfix info 
with a URI to download an executable. The executable is a zip that contains an 
MSU (Windows6.1-KB977307-x64.msu). Does MS send such email?

http://pastebin.com/BS5jt86N

This one hits a lot of T_ rules; it'd be nice if they were real rules about now 
:-)

It also hit BAYES_00, which I'm a little concerned about, but maybe not 
necessarily if the body is indeed actually legit...

Thanks for any ideas.
Alex


sa-exim Terse Rules

2013-04-18 Thread John Traweek CCNA, Sec+
I'm new to the list, so if there are web archives that are easily
searchable where I can find this info please point me to it.  I am
running sa-exim with SA 3.3.1.  I am trying for the life of me to turn
on the Terse report options, so that in the email headers I can see what
points are being attributed to each rule.  It seems this has changed
somewhat from version to version so I can't seem to find anything
specifically related to version and sa-exim when googling.  TIA.
