RE: comparing sender domain against recipient domain

2023-05-13 Thread John Hardin
On Thu, 11 May 2023, Marc wrote: I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt? There is a suite of meta rules and subrules with names containing TO_EQ_FROM in the default rule channel

Re: comparing sender domain against recipient domain

2023-05-13 Thread John Hardin
On Sat, 13 May 2023, Matus UHLAR - fantomas wrote: But I was more interested if SA already has something like that? It does not. On Fri, 12 May 2023, Loren Wilton wrote: Weren't there a whole set of "FUZZY" rules once? On 12.05.23 20:01, John Hardin wrote: There still are. however

Re: comparing sender domain against recipient domain

2023-05-13 Thread Paul Stead
A while back I created a plugin for checking Levenshtein distance on From and To domains, this might answer the problem? An example configuration might look like this - This would look just for From domains with a distance equal to 1 from alexander.com ---8<--- ifplugin

Re: comparing sender domain against recipient domain

2023-05-13 Thread Matus UHLAR - fantomas
But I was more interested if SA already has something like that? It does not. On Fri, 12 May 2023, Loren Wilton wrote: Weren't there a whole set of "FUZZY" rules once? On 12.05.23 20:01, John Hardin wrote: There still are. however these rules only search for words like viagra,

RE: comparing sender domain against recipient domain

2023-05-13 Thread Marc
> > On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote: > > > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > > > > On Fri, 12 May 2023, Matija Nalis wrote: > > > > > That is because those domains are not EQUAL? Or did you want a > > > > > rule that checks only on

Re: comparing sender domain against recipient domain

2023-05-12 Thread John Hardin
On Fri, 12 May 2023, Loren Wilton wrote: But I was more interested if SA already has something like that? It does not. Weren't there a whole set of "FUZZY" rules once? There still are. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org

Re: comparing sender domain against recipient domain

2023-05-12 Thread John Hardin
On Fri, 12 May 2023, Matija Nalis wrote: I wonder if someone has already done it, and something sufficiently similar to be used to that purpose? There are a lot of ReplaceTags rules in the base ruleset. I don't know if offhand that works with header rules. -- John Hardin KA7OHZ

Re: comparing sender domain against recipient domain

2023-05-12 Thread Loren Wilton
But I was more interested if SA already has something like that? It does not. Weren't there a whole set of "FUZZY" rules once? I'm pretty sure that they looked for words in the subject and maybe body of the email that had exactly this sort of obfuscation. I don't think they were applied

Re: comparing sender domain against recipient domain

2023-05-12 Thread Bill Cole
On 2023-05-12 at 15:16:59 UTC-0400 (Fri, 12 May 2023 21:16:59 +0200) Matija Nalis is rumored to have said: > But I was more interested if SA already has something like that? It does not. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote: > > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > > > On Fri, 12 May 2023, Matija Nalis wrote: > > > > That is because those domains are not EQUAL? Or did you want a > > > > rule that checks only on SIMILAR domain

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > On Fri, 12 May 2023, Matija Nalis wrote: > > That is because those domains are not EQUAL? Or did you want a > > rule that checks only on SIMILAR domain names (e.g. with lowercase > > letter "L" replaced with number "1" as in your

Re: comparing sender domain against recipient domain

2023-05-12 Thread Dave Funk
On Fri, 12 May 2023, Matija Nalis wrote: On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote: I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt? [snip..] That is because those domains

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote: > > > I was wondering if spamassassin is applying some sort of algorithm to > > > comparing sender domain against recipient domain to detect a phishing > > > attempt? > > > > There is a suite of meta r

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > I was wondering if spamassassin is applying some sort of algorithm to > > comparing sender domain against recipient domain to detect a phishing > > attempt? > > There is a suite of meta rules and subrules with names containing > TO_EQ_FROM in the default r

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > what useful information would you be looking for from this kind of > comparison? sen...@a1exander.com recipi...@alexander.com * 3.9 PHISHING 1=l attempt I assume there are some character substitute algorithms available, maybe an adapted version of an algorithm that tries to detect

Re: comparing sender domain against recipient domain

2023-05-11 Thread Bill Cole
On 2023-05-11 at 16:22:12 UTC-0400 (Thu, 11 May 2023 20:22:12 +) Marc is rumored to have said: I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt? There is a suite of meta rules and subrules

Re: comparing sender domain against recipient domain

2023-05-11 Thread David B Funk
023, Marc wrote: I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-05491256 S

comparing sender domain against recipient domain

2023-05-11 Thread Marc
I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt?