Catch subtly-different Reply-To domain

2021-02-19 Thread Dominic Raferd
Is there a rule to catch cases where the domain of the Reply-To header is a subtle variant on that in the To header? Take this (real) example from a phishing email sent yesterday: From: "Karen Howard" Reply-To: "Karen Howard" I realise that other elements of the address can be different

Re: X-Originating-IP a received header?

2021-02-19 Thread RW
On Fri, 19 Feb 2021 07:13:14 -0800 (PST) John Hardin wrote: > On Fri, 19 Feb 2021, Dan Malm wrote: > > > I have a system that received mail from a webmail product that adds > > a X-Originating-IP header with the IP of the webmail user. > > > > Since Spamassassin for some reason considers that

Re: X-Originating-IP a received header?

2021-02-19 Thread Benny Pedersen
On 2021-02-19 19:20, RW wrote: No, it's the IP addresses of the client connecting to the webmail server. this is why i still do sasl on ::1 :=) good solution to fix the above is to create another inet listener for web apps that is not spamassassin scanned, or simple shortcircuit its future

Re: X-Originating-IP a received header?

2021-02-19 Thread RW
On Fri, 19 Feb 2021 15:41:27 +0100 Benny Pedersen wrote: > On 2021-02-19 15:33, RW wrote: > > On Fri, 19 Feb 2021 15:09:14 +0100 > > Benny Pedersen wrote: > >> imho not needed if the ip is in both internal_networks and > >> trusted_networks > > > > Typically these addresses are ISP dynamic

Re: X-Originating-IP a received header?

2021-02-19 Thread John Hardin
On Fri, 19 Feb 2021, Dan Malm wrote: I have a system that received mail from a webmail product that adds a X-Originating-IP header with the IP of the webmail user. Since Spamassassin for some reason considers that to be a Received-header that results in all mails from the webmail hitting the

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread John Hardin
On Fri, 19 Feb 2021, Giovanni Bechis wrote: On 2/19/21 1:09 AM, John Hardin wrote: On Thu, 18 Feb 2021, Giovanni Bechis wrote: On 2/18/21 6:37 PM, Ricky Boone wrote: Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday.

Re: X-Originating-IP a received header?

2021-02-19 Thread Benny Pedersen
On 2021-02-19 15:33, RW wrote: On Fri, 19 Feb 2021 15:09:14 +0100 Benny Pedersen wrote: On 2021-02-19 13:48, Alex Woick wrote: > Dan Malm schrieb am 19.02.2021 um 13:28: >> I have a system that received mail from a webmail product that >> adds a X-Originating-IP header with the IP of the

Re: X-Originating-IP a received header?

2021-02-19 Thread RW
On Fri, 19 Feb 2021 15:09:14 +0100 Benny Pedersen wrote: > On 2021-02-19 13:48, Alex Woick wrote: > > Dan Malm schrieb am 19.02.2021 um 13:28: > >> I have a system that received mail from a webmail product that > >> adds a X-Originating-IP header with the IP of the webmail user. > >> > >>

Re: X-Originating-IP a received header?

2021-02-19 Thread Benny Pedersen
On 2021-02-19 13:48, Alex Woick wrote: Dan Malm schrieb am 19.02.2021 um 13:28: I have a system that received mail from a webmail product that adds a X-Originating-IP header with the IP of the webmail user. Since Spamassassin for some reason considers that to be a Received-header that results

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread RW
On Thu, 18 Feb 2021 16:08:01 -0800 (PST) John Hardin wrote: > In our case it's best to upload an entire email (all headers intact > and with as little obfuscation as possible) to something like > Pastebin, then post the URL to that here so it can be downloaded. ... > For just URLs, though,

Re: X-Originating-IP a received header?

2021-02-19 Thread Alex Woick
Dan Malm schrieb am 19.02.2021 um 13:28: I have a system that received mail from a webmail product that adds a X-Originating-IP header with the IP of the webmail user. Since Spamassassin for some reason considers that to be a Received-header that results in all mails from the webmail hitting

X-Originating-IP a received header?

2021-02-19 Thread Dan Malm
Hi, I have a system that received mail from a webmail product that adds a X-Originating-IP header with the IP of the webmail user. Since Spamassassin for some reason considers that to be a Received-header that results in all mails from the webmail hitting the RDNS_NONE rule (only IP is added in

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread Giovanni Bechis
On 2/19/21 1:09 AM, John Hardin wrote: > On Thu, 18 Feb 2021, Giovanni Bechis wrote: > >> On 2/18/21 6:37 PM, Ricky Boone wrote: >>> Just wanted to forward an example of an interesting URL obfuscation >>> tactic observed yesterday. >>> >>>