[Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass
tlhackque
tlhackque at yahoo.com
Wed Sep 27 07:45:31 EDT 2017
SpamAssassin:
Don't match X-Spam-Score unless you are extracting the value and doing
computation. Note that the value isn't necessarily numeric - e.g.
'undef - 10.0.0.23 is whitelisted' is a valid value, as are '-1.6 (-)',
'0.70 () [Tag at 5.00] COMBINED_FROM,SUBJ_YOUR_DEBT,SPF(pass,0)' and '0.00%'
Instead, match X-Spam-Level, which is designed for regex matching.
This will have a value of '*' for score 1, '**********' for score 10, etc.
So match for the minimum score that you consider spam. (Obviously, in a
regex, you have to quote the *).
E.g. '^\*\*\*\*\*\*\*\*\*' will match a score of 9 or higher.
On 26-Sep-17 09:23, Richard Shetron wrote:
> Spamassassin produces a numeric rating for for an email based on
> multiple rules. Legitimate email can easily get a rating of 3 or 4
> based on the way you have it configured. I've seen double digit
> ratings as well. If you check for a single digit, you may be
> filtering legitimate emails that have a low score.
>
> On 9/26/2017 7:58 AM, Robert Heller wrote:
> [snip]
>>
>> I also use Spamassassin on my server, so having a rule like:
>>
>> "X-Spam-Score: \d"
>>
>> is also helpful at catching spam and phishing mail.
>>
> [snip]
>
More information about the Mailman-Users
mailing list