<p>So the envelope sender isn't forged, but a lot of the rest?<br>
Then this is a job for SA, write your own rules, and use SA rule hit actions in MS (this superseeds MCP, and is way more efficient than that).</p>
<p>Cheers<br>
-- <br>
-- Glenn</p>
<p><blockquote type="cite">Den 8 nov 2010 20.41, "John Baker" <<a href="mailto:johnnyb@marlboro.edu">johnnyb@marlboro.edu</a>> skrev:<br><br>Hi all,<br>
<br>
I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be.<br>
<br>
Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place.<br>
<br>
What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt.<br>
<br>
I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add.<br>
<br>
Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration?<br>
<br>
Thanks<br>
<br>
-- <br>
John Baker<br>
Network Systems Administrator<br>
Marlboro College<br>
Phone: 451-7551 Cell: 451-6748<br><font color="#888888">
<br>
-- <br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website! </font></blockquote></p>