Re: Amazon, dhl, fedex, etc. phishing

2020-08-25 Thread Loren Wilton
> We are regularly getting phishes from dhl, fedex, usps, amazon, netflix, spotify that fakes the from (eg. amazon wants to send me a amadon-legit.pdf). Usually these are previously unknown to pyzor, dcc, rbls, and domain reputation doesn't really exist[0].
>
> I'm wondering if anyone has m

Re: A new high score!

2020-08-25 Thread Axb
On 8/24/20 11:27 PM, micah anderson wrote:
> What is the highest score you've seen a spam get? I think I just broke my own high score, with a spam that managed to pile up 64 points. I'm sure you all have seen much higher!

the score can depend on how creative you are.

score USER_IN_BLACKLIST 6

Re: A new high score!

2020-08-25 Thread Benny Pedersen
Axb wrote on 2020-08-25 09:50: On 8/24/20 11:27 PM, micah anderson wrote: I'm sure you all have seen much higher! the score can depend on how creative you are. score USER_IN_BLACKLIST 666.0 blacklist_from *@* whitelist_auth *@* something to John :=)

Re: A new high score!

2020-08-25 Thread Philipp Ewald
We have our own rule that marks special mails with spam score 1000 but with default values record is round about 22

On 24.08.20 at 23:27, micah anderson wrote:
> What is the highest score you've seen a spam get? I think I just broke my own high score, with a spam that managed to pile up 64 points.

Re: A new high score!

2020-08-25 Thread Shawn Iverson
This sounds like a really fun game! SpamAssassin's Creed!

On Tue, Aug 25, 2020 at 8:32 AM Philipp Ewald wrote:
> We have our own rule that marks special mails with spam score 1000
> but with default values record is round about 22
>
> On 24.08.20 at 23:27, micah anderson wrote:
> >
> > What is the

Re: Amazon, dhl, fedex, etc. phishing

2020-08-25 Thread RW
On Mon, 24 Aug 2020 19:22:27 -0700 (PDT) John Hardin wrote:
> That could be captured by the above whitelist_auth, plus a "from
> name" rule:
>
>    header FM_NAME_AMAZON From:name =~ /^amazon(?:\.com\b|$)/i
>    score FM_NAME_AMAZON 10
>
> That's a poison pill by itself, but the whitelist_aut

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Benoit Panizzon
Hi Rob

This works like a charm, blocking a lot of: bounces+8465718 atm.

Thank you for your excellent plugin!

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Matus UHLAR - fantomas
--On Saturday, August 22, 2020 11:15 AM -0400 Jered Floyd wrote: Like most ISPs, they have a feedback loop to remove malicious users.  I assume it is too slow, so a SendGrid account ID RBL would provide meaningful value. On 8/22/2020 3:35 PM, Kenneth Porter wrote: Would not Pyzor accomplish t

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 11:42 AM, Matus UHLAR - fantomas wrote:
> well, do we have anything available now to block at SMTP level?
> - postfix policy server?
> - milter?
>
> so far I have noticed only SA plugins. Which is not bad, but that HUGE advantage is not usable now.

And likewise - 48 hours ago - a SpamAssas

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 1:20 PM, Rob McEwen wrote:
> but I can do everything, at least not all at once

*can't do

--
Rob McEwen https://www.invaluement.com

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2020-08-25 17:42:
> well, do we have anything available now to block at SMTP level?
> - postfix policy server?
> - milter?
>
> so far I have noticed only SA plugins. Which is not bad, but that HUGE advantage is not usable now.

fuglu i reject highscore spams, just setup

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Benny Pedersen
Rob McEwen wrote on 2020-08-25 19:20:
> PRO TIP: Instead of complaining about this problem on this thread - why not go to the discussion list or forum of your preferred MTA - and ask them to implement it?

maybe make clamav sigs ? is mimedefang working still ?, special plugins needed ?, i just

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 2:29 PM, Benny Pedersen wrote:
> maybe make clamav sigs ?

Benny,

Thanks for your other suggestions - those are worth exploring. Also - the Clamav Sigs is not a bad idea - but even besides the fact that (like SA rules), Clamav is content filtering and not at the SMTP-Envelope lev

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Giovanni Bechis
On Tue, Aug 25, 2020 at 08:29:55PM +0200, Benny Pedersen wrote:
> Rob McEwen wrote on 2020-08-25 19:20:
>
> > PRO TIP: Instead of complaining about this problem on this thread -
> > why not go to the discussion list or forum of your preferred MTA - and
> > ask them to implement it?
>
> maybe mak

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread John Capo
On 2020-08-25 11:42, Matus UHLAR - fantomas wrote:
> well, do we have anything available now to block at SMTP level?
> - postfix policy server?
> - milter?
>
> so far I have noticed only SA plugins. Which is not bad, but that HUGE advantage is not usable now.

Nothing elegant about this but it was easy

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread John Hardin
On Tue, 25 Aug 2020, John Capo wrote:
> Create a file like this from the ids in
> https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt
>
> /^bounces\+2191708-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account
> /^bounces\+4227563-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid accou

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
Thanks, John Capo, for the suggestions! Honestly, I'm at the end of my rope - completely burned out from creating this - desperately needing to catch up in other areas of my business so that I can pay my bills. And I have other ideas for how to make this data even better that I'm trying to get

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 11:04 PM, John Hardin wrote:
> I just wrote something similar to generate a rule, in case for some reason you don't want to use a plugin. Let me know if there's any interest in it.

yes - please share!

--
Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Dominic Raferd
Here's mine, had it running as a regular cron job for a few days now.

On Wed, 26 Aug 2020 at 04:08, Rob McEwen wrote:
> On 8/25/2020 11:04 PM, John Hardin wrote:
> > I just wrote something similar to generate a rule, in case for some
> > reason you don't want to use a plugin. Let me know if ther