On 13.08.22 13:43, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
one can block at MTA level, but blocklists are usable on multiple headers,
not just on the incoing IP address.
On 13/08/2022 09:55, joe a wrote:
I need to refresh my brain on using blacklists with SA, before
looking more deeply into why this got through.
Today a email slipped through with a very low score that was clearly
phishy. A url in question, posing as another, hits no less that 6
blacklists. I was going to look at clamav that is in use here, as I
had just been tuning that a bit and realized that that may be using
a hammer to drive a screw. so to speak.
Or are they passe these days?
show us the headers and possibly the IP. not here, use pastebin or similar
service.
you may need to have trusted_networks and internal_networks configured
properly.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
