On Tue, Dec 15, 2009 at 3:51 PM, Mike Cardwell
<spamassassin-us...@lists.grepular.com> wrote:
> That particular email was sent from a host in Nigeria connecting to a host
> in Brazil. The Nigerian host is listed on Barracuda, the SBL and the XBL.
Is there a way to write a rule to tag mails which are hitting web
mails via proxy?
Received: from 189.85.80.211 (proxying for 41.220.75.17)
(SquirrelMail authenticated user kyho...@bigrivertel.net)
by webmail.bigrivertel.net with HTTP; Mon,
While not conclusive, hitting web mails via a proxy and having user
name and password string along with destination domain name in body of
the mail is a good indication of a password phishing mail.
raj
