[Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

[Grant Taylor]

On 09/26/2017 07:23 AM, Richard Shetron wrote:
> Spamassassin produces a numeric rating for for an email based on 
> multiple rules.  Legitimate email can easily get a rating of 3 or 4 
> based on the way you have it configured.  I've seen double digit ratings 
> as well.  If you check for a single digit, you may be filtering 
> legitimate emails that have a low score.

SpamAssassin can also be configured to provide a X-Spam-Level: header 
which includes an asterisk for each whole number in the spam score. 
Thus you can easily do textual matches on lines with more stars while 
not matching lines with fewer stars.

X-Spam-Level: *************
X-Spam-Status: Yes, score=13.3

vs

X-Spam-Level: *
X-Spam-Status: No, score=1

Both samples have "score=1" text, but only one has "X-Spam-Level: 
**********" text.

It's my understanding that this is exactly why SpamAssassin can be 
configured to provide the X-Spam-Level header.



-- 
Grant. . . .
unix || die