Hi, >> Recently I have received a wave of mails in the form >> From: word-olivier@somewhere.random >> To: oliv...@mydomain.com >> >> Where the "olivier" part is a valid username on my domain. >> >> Is there a rule to catch these with SA? > > SA does not have any way to know what the valid usernames in any domain > are. Without custom local rules, it doesn't even know what domains might > be valid for your mail system. You can, of course, create local rules > for specific users who get heavily targeted by this tactic. That does > not scale, but it can be useful.
Someone could have written a plugin that does just that. I think I could write one myself, it is quite basic programming, but I'd prefer to avoid re-inventing the wheel. > Special rules for high-spam individuals can also help by acting as > "canary" rules, if you use the 'autolearn_force' rule tflag. This way, > when a spammer using the specific pattern starts a run, you will catch > one match, autolearn it as spam, and (hopefully) recognize its sibling > messages as such. I will look at that too. Best regards, Olivier --
