Re: mystery score definition

2023-05-11 Thread Henrik K
On Thu, May 11, 2023 at 11:21:20AM -0400, Greg Troxel wrote: > > But is it good practice for the main distributed rules to rely on this > default? It feels like a lint/pedantic error to define a rule that is > not T_ or __ and does not have an assigned score. But maybe this is > common and

Re: mystery score definition

2023-05-11 Thread Kevin A. McGrail
Try something like this if I understand you correctly trying to score is a __ rule: meta OBFU_UNSUB_UL ( __OBFU_UNSUB_UL >=1 ) There are plenty of rules that are designed to be conditions in other meta rules. Now that you've created a rule that relies on that condition you can score the meta

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > I was wondering if spamassassin is applying some sort of algorithm to > > comparing sender domain against recipient domain to detect a phishing > > attempt? > > There is a suite of meta rules and subrules with names containing > TO_EQ_FROM in the default rule channel. Consult the rules

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > what useful information would you be looking for from this kind of > comparison? sen...@a1exander.com recipi...@alexander.com * 3.9 PHISHING 1=l attempt I assume there are some character substitute algorithms available, maybe an adapted version of an algorithm that tries to detect

Re: comparing sender domain against recipient domain

2023-05-11 Thread Bill Cole
On 2023-05-11 at 16:22:12 UTC-0400 (Thu, 11 May 2023 20:22:12 +) Marc is rumored to have said: I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt? There is a suite of meta rules and subrules

Re: comparing sender domain against recipient domain

2023-05-11 Thread David B Funk
what useful information would you be looking for from this kind of comparison? All the time I receive mail from people with non-local domains and regularly receive e-mail from co-workers using the same domain as me. The kind of things that might be useful are: 1) detecting local-domain

comparing sender domain against recipient domain

2023-05-11 Thread Marc
I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt?

Re: mystery score definition

2023-05-11 Thread Greg Troxel
Matus UHLAR - fantomas writes: > On 11.05.23 10:58, Greg Troxel wrote: >>I am seeing a lot of "claim your prize from X", where X is a known >>company, coming from fresh foo.autos domains. I bet y'all are seeing >>this too. Until these get on blocklists they don't score that high. >> >>One rule

Re: mystery score definition

2023-05-11 Thread Matus UHLAR - fantomas
On 11.05.23 10:58, Greg Troxel wrote: I am seeing a lot of "claim your prize from X", where X is a known company, coming from fresh foo.autos domains. I bet y'all are seeing this too. Until these get on blocklists they don't score that high. One rule that does hit is OBFU_UNSUB_UL which is

mystery score definition

2023-05-11 Thread Greg Troxel
I am seeing a lot of "claim your prize from X", where X is a known company, coming from fresh foo.autos domains. I bet y'all are seeing this too. Until these get on blocklists they don't score that high. One rule that does hit is OBFU_UNSUB_UL which is defined in 72_active.cf as meta, and

RE: Re[8]: rule based on domain age

2023-05-11 Thread Marc
> IP ranges and country connections are of no help. These criminals use > outlook, gmail, vps servers and everything under the sun. So they register new domains, link them to gmail (outlook) and send spam with envelope of the domain via the google network, and google does nothing and keeps