Spam coming through now and then
MailAdmin
mailadmin at midland-ics.ie
Fri Oct 23 10:50:52 IST 2009
I just noticed I mailed this post in a reply to another. Apologies for
that. Busy morning :(
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
MailAdmin
Sent: 23 October 2009 10:30
To: MailScanner discussion
Subject: Spam coming through now and then
I have had a email that got through MailScanner/Spamassasin
Looking at the details in Mailwatch the SpamAssasin Score is 0, with
Cached Out in the Spam Report?
Wondering why would SA time out? Server under pressure?
Thanks
-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Broens
Sent: 23 October 2009 09:20
To: MailScanner discussion
Subject: Re: school targeted phishing getting past MailScanner and
ScamNailer
On 10/23/2009 9:48 AM, --[ UxBoD ]-- wrote:
> ----- "Robert Lopez" <rlopezcnm at gmail.com> wrote:
>
> | >From what I see in the logs MailScanner and ScamNailer are stopping
> | a
> | LOT of email like these examples:
> |
> | Found phishing fraud from
> | http://email.eharmony.com/t/3245264/61666596/125002/0/ claiming to
be
> | www.eharmony.com in F1AB6660637.1911E
> | Found phishing fraud from
> |
http://echo4.bluehornet.com/ct/5756277:6696375060:m:1:398960397:0FE61091
879EEBBC9425626D5DFDF9C1
> | claiming to be
> |
www.playforfreewith500%%bonuscoupon"gwgma"atwww.mightyslots.co
m
> | in DB66D29B5.F13D9
> |
> | I am not sure if those are phishing or not. They are at least
probably
> | spam.
> |
> | Using : grep "Found phishing fraud" maillog | grep -v "claiming to
> | be"
> | finds only 12 log entries whereas the "claiming to be" type are
20842
> | since Monday morning.
> |
> | What is not being stopping is the email that threatens to remove the
> | target's email account unless they send account name, birth date,
> | student id, password, etc. to an email address.
> |
> | I am wondering if I should attempt to write Spamassassin rules to
> | stop
> | that kind of phishing. Everything I think of would stop _this_
email
> | if I assigned weight to the critical words used in that type of
> | email.
> |
> | What other ways can MailScanner and ScamNailer be used to stop this
> | kind of school targeted phishing which all too often is successful
> | and
> | leads to account compromises?
> |
> You could try this from John Hardin on the SpamAssassin list :-
>
>
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/
20_fillform.cf?revision=828291&view=markup
>
> It may require a few tweaks for your own setup.
iirc, these rules *may* require some changes in the ReplaceTags plugin
which will be released in SA 3.3.0, some rules *may* fail or do weird
things.
be attentive...
Alex
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
This e-mail is intended solely for the addressee(s) and is strictly
confidential. The unauthorised use, disclosure or copying of this
e-mail, or any information it contains is prohibited. If you have
received this e-mail in error, please notify us immediately and then
permanently delete it. Although Midland Internet & Computer Solutions
make every effort to keep our systems free from viruses you should check
this e-mail and any attachments to it for viruses as we cannot accept
any liability for viruses inadvertently transmitted by use.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
This e-mail is intended solely for the addressee(s) and is strictly confidential. The unauthorised use, disclosure or copying of this e-mail, or any information it contains is prohibited. If you have received this e-mail in error, please notify us immediately and then permanently delete it. Although Midland Internet & Computer Solutions make every effort to keep our systems free from viruses you should check this e-mail and any attachments to it for viruses as we cannot accept any liability for viruses inadvertently transmitted by use.
More information about the MailScanner
mailing list