Hi everybody,

At the moment I am following a new type of (German) phishing attempt that always has the sender matching the recipient (on both the SMTP envelope and the headers).

In the Declude log lines I can see:

Skip AUTOWHITELIST due to the sender matches the recipient. sender=[art@redacted] and recipient=[art@redacted]

The question is how I can "capture" this for further (combined) filtering. For example, something like TESTSFAILED.

Any idea?

Markus
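The pattern described in the post (sender equal to recipient on both the SMTP envelope and the headers) can be checked outside the filter, for instance in a pre-queue or log-review script. The following is an added example, not Declude configuration and not part of the original post; the function names, the `example.test` addresses and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def norm(addr):
    """Strip display name and angle brackets, lower-case; '' if no address."""
    return parseaddr(addr)[1].strip().lower()


def self_addressed(mail_from, rcpt_to, raw_message):
    """Return envelope recipients whose address equals the sender on BOTH
    the SMTP envelope (MAIL FROM) and the headers (From: vs To:/Cc:)."""
    msg = message_from_string(raw_message)
    env_sender = norm(mail_from)
    hdr_sender = norm(msg.get("From", ""))
    hdr_rcpts = {
        addr.lower()
        for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    }
    hits = []
    for rcpt in rcpt_to:
        r = norm(rcpt)
        # An empty address (e.g. null sender "<>") never counts as a match.
        if r and r == env_sender and r == hdr_sender and r in hdr_rcpts:
            hits.append(r)
    return hits


# Constructed sample message: display name and mixed case must not hide the match.
SAMPLE = (
    'From: "Art" <ART@example.test>\n'
    "To: art@example.test\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    # Envelope and headers both point at the recipient: flagged.
    print(self_addressed("<art@example.test>", ["<Art@Example.test>"], SAMPLE))
    # Envelope sender differs, only the header is spoofed: not this pattern.
    print(self_addressed("<bounce@other.test>", ["<art@example.test>"], SAMPLE))
```

A non-empty result can be fed into a combined score together with other test results, so that a self-addressed message is weighted rather than rejected outright.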