Re: help with phishing email?

On 12/10/2017 11:49 AM, Colony.three wrote: * http://www.postfix.org/POSTSCREEN_README.html with that config and postscreen properly configured you block far more than 90% of junk without risk false positives postscreen_dnsbl_threshold = 8 postscreen_dnsbl_action =

Re: help with phishing email?

> - http://www.postfix.org/POSTSCREEN_README.html > > with that config and postscreen properly configured you block far more > than 90% of junk without risk false positives > > postscreen_dnsbl_threshold = 8 > postscreen_dnsbl_action = enforce > postscreen_greet_action = enforce >

Re: help with phishing email?

On 12/09/2017 05:40 AM, Rupert Gallagher wrote: ... On Sat, Dec 9, 2017 at 04:24, Jari Fredriksson > wrote: 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) I would recommend setting the score for SPF_FAIL to a point or two these days. Major

Re: help with phishing email?

... On Sat, Dec 9, 2017 at 04:24, Jari Fredriksson wrote: > 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) @whyscream.net>

Re: help with phishing email?

wow... depending on your geolocation, the phishing text changes and, at least in Spanish, it is totally correct!! sometimes i have to take my hat off...  -PedroD

Re: help with phishing email?

> first: before you call me again a fascist just because i don't agree > with your opinions backed by 10 years professional mailadmin better > don't give half thought advises! > > Am 09.12.2017 um 03:50 schrieb Colony.three: > >> Also in /etc/postfix/main.cf add to smtpd_recipient_restrictions =

Re: help with phishing email?

> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >>

Re: help with phishing email?

> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >>

Re: help with phishing email?

> I'm trying to decide the best way to detect something like this. > > https://pastebin.com/hCX9MWNg > > Looking at the raw headers and body it's pretty easy to tell this is a > spoof, but when it shows-up in an inbox, it looks pretty good. > > Something specific to Amazon (where this is purported

Re: help with phishing email?

On Fri, 8 Dec 2017, John Hardin wrote: On Fri, 8 Dec 2017, AJ Weber wrote: I'm trying to decide the best way to detect something like this. https://pastebin.com/hCX9MWNg That appears to be corrupt. I downloaded it and ran it through my testbed and it wouldn't decode the body. Don't know

Re: help with phishing email?

On Fri, 8 Dec 2017, AJ Weber wrote: I'm trying to decide the best way to detect something like this. https://pastebin.com/hCX9MWNg That appears to be corrupt. I downloaded it and ran it through my testbed and it wouldn't decode the body. -- John Hardin KA7OHZ

Re: help with phishing email?

On 08-12-17 19:09, AJ Weber wrote: > I'm trying to decide the best way to detect something like this. > > https://pastebin.com/hCX9MWNg > > Looking at the raw headers and body it's pretty easy to tell this is a > spoof, but when it shows-up in an inbox, it looks pretty good. > > Something

Re: help with phishing email?

AJ, i cannot see anything with sense... is the pastebin correct?  -PedroD