I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
postfix is doing:
reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client list.dsbl.org,
I've got clamav pulling signatures updated once a day from sanesecurity
(phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx,
securesiteinfo) and Malware Black List, MSRBL (images, spam).
I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand
pulls in the 25_uribl.cf automatically, right? Or do I need to configure
that? if its automatic, that pulls in SURBL phishing). I've got Botnet
setup, PDFinfo and postcards, i'm using DCC and a bayesdb, i've got the
hashcash, and SPF plugins loaded, imageinfo, pretty much everything I
can think of....but for some reason phishing attempts keep getting
through.
Sadly, I do not have an example I can share at the moment, as I
typically delete them in a rage after training my bayes filter on
them. However, I am looking for any suggestions of other things I can
turn on... in particular, are there rules that people have created that
look for certain keywords where the body is asking for your
account/password information?
Thanks for any ideas,
micah
