Micah Anderson wrote: > I keep getting hit by phishing attacks, and they aren't being stopped by > anything I've thrown up in front of them: > > postfix is doing: > reject_rbl_client b.barracudacentral.org, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client list.dsbl.org, > > I've got clamav pulling signatures updated once a day from sanesecurity > (phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx, > securesiteinfo) and Malware Black List, MSRBL (images, spam). > > I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand > pulls in the 25_uribl.cf automatically, right? Or do I need to configure > that? if its automatic, that pulls in SURBL phishing). I've got Botnet > setup, PDFinfo and postcards, i'm using DCC and a bayesdb, i've got the > hashcash, and SPF plugins loaded, imageinfo, pretty much everything I > can think of....but for some reason phishing attempts keep getting > through. > > Sadly, I do not have an example I can share at the moment, as I > typically delete them in a rage after training my bayes filter on > them. However, I am looking for any suggestions of other things I can > turn on... in particular, are there rules that people have created that > look for certain keywords where the body is asking for your > account/password information? > > Thanks for any ideas, > micah > Consider submitting them to SaneSecurity (www.sanesecurity.com) so that the signatures can be added to their phishing signature database.
Bill
