Micah Anderson wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
postfix is doing:
reject_rbl_client b.barracudacentral.org,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client list.dsbl.org,
I've got clamav pulling signatures updated once a day from sanesecurity
(phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx,
securesiteinfo) and Malware Black List, MSRBL (images, spam).
I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand
pulls in the 25_uribl.cf automatically, right? Or do I need to configure
that? if its automatic, that pulls in SURBL phishing). I've got Botnet
setup, PDFinfo and postcards, i'm using DCC and a bayesdb, i've got the
hashcash, and SPF plugins loaded, imageinfo, pretty much everything I
can think of....but for some reason phishing attempts keep getting
through.
Sadly, I do not have an example I can share at the moment, as I
typically delete them in a rage after training my bayes filter on
them. However, I am looking for any suggestions of other things I can
turn on... in particular, are there rules that people have created that
look for certain keywords where the body is asking for your
account/password information?
Thanks for any ideas,
micah
Report these and maybe they will add something that catches them. If one
wanted to, they can get any mail the want through your filters if they
are good and don't use things that trigger the rules.
