I'm also curious as to what people's best practice settings are. I will give
a brief rundown here - if other people could do the same it might help
everyone to tune their systems.
Validate Helo is set to score
Validate Sender set to block
Senderbase is set to score but country blocking is off as w
> So far I have identified two domains that most mail claims as the from
> address. Both publish SPF records but define ~all so I have added
> them to strictSPFRe.
Hmmm... now I'm becoming curious; you're running ASSP, so, which
filters did you enable (set aside SPF and AV scanning)? See, it so
> We have ClamAV running on our mailserver and are currently suffering a
> significant number of Trojans getting past.
ClamAV is a more than decent mail AV scanner but you'll need to feed it
with some additional signatures, namely the ones available here:
http://www.sanesecurity.co.uk/databases
These are actually viruses,
They have an attachment that they instruct the user to open, which installs
any number of rootkits/backdoors/password stealers.
So far I have identified two domains that most mail claims as the from
address. Both publish SPF records but define ~all so I have added the
>> These are your typical tax refund emails but also seem to be coupled with a
>> lot of fake Virgin Media bills and "rewards updates"
I wouldn't consider those to be viruses.
Install the SaneSecurity signatures and I believe you'll be pleasantly surprised.
Doug
-
Hi all,
We have ClamAV running on our mailserver and are currently suffering a
significant number of Trojans getting past.
These are your typical tax refund emails but also seem to be coupled with a
lot of fake Virgin Media bills and "rewards updates". I'm wondering if
anyone is seeing load