I keep getting hit by phishing attacks, and they aren't being stopped by anything I've thrown up in front of them:
postfix is doing: reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client list.dsbl.org, I've got clamav pulling signatures updated once a day from sanesecurity (phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx, securesiteinfo) and Malware Black List, MSRBL (images, spam). I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand pulls in the 25_uribl.cf automatically, right? Or do I need to configure that? if its automatic, that pulls in SURBL phishing). I've got Botnet setup, PDFinfo and postcards, i'm using DCC and a bayesdb, i've got the hashcash, and SPF plugins loaded, imageinfo, pretty much everything I can think of....but for some reason phishing attempts keep getting through. Sadly, I do not have an example I can share at the moment, as I typically delete them in a rage after training my bayes filter on them. However, I am looking for any suggestions of other things I can turn on... in particular, are there rules that people have created that look for certain keywords where the body is asking for your account/password information? Thanks for any ideas, micah