On 13/12/2017 21:38, Reindl Harald wrote:
Am 13.12.2017 um 21:59 schrieb Groach:
Is there any suggestions on a rule or procedure to implement that will
help defend against the MAILSPLOIT type of spoofing?
Seehttps://marc.info/?l=spamassassin-users&m=151265708616825&w=2 and
follow-
ups?
Thanks for that.
I followed the thread you mentioned: I see that 'Kevin' says he has
a rule in his personal KAM.cf and that there isnt anything published
in base spamassassin scores. (Or am I missing something)?
So how does one:
a, obtain KAM.cf or
b, decipher the mechanism to which Kevin uses in order we can apply
similar in our own local.cf
and where is the problem copy the few lines to local.cf
header __KAM_MAILSPLOIT1 From =~ /[\0]/
describe __KAM_MAILSPLOIT1 RFC2047 Exploit
https://www.mailsploit.com/index
header __KAM_MAILSPLOIT2 From =~ /[\n]/
describe __KAM_MAILSPLOIT2 RFC2047 Exploit
https://www.mailsploit.com/index
tflags __KAM_MAILSPLOIT2 multiple maxhits=2
meta KAM_MAILSPLOIT (__KAM_MAILSPLOIT1 ||
(__KAM_MAILSPLOIT2 >= 2))
describe KAM_MAILSPLOIT Mail triggers known exploits per
mailsploit.com
score KAM_MAILSPLOIT 6.0
No problem. Of course I can do that but wanted to ask for other methods
too in case there was a more reliable way to check and update when Keven
updates his rules (to benefit from his other offerings).