Phishing attempts

b19wll
Posts: 58
Joined: 22 Nov 2012 09:55

Phishing attempts

Post by b19wll »

Hello

We seem to be getting a lot of phishing attempts let through the filter. Is there something I can do to combat this? Also, a lot of Word docs are coming through as invoices, and the .doc has a link in it. How can I stop these?

Thanks

Will
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Phishing attempts

Post by shawniverson »

Do you have a Spam Report on one of them you can share?
b19wll
Posts: 58
Joined: 22 Nov 2012 09:55

Re: Phishing attempts

Post by b19wll »

Here is a report

Score Matching Rule Description
cached not
score=3.271
3.6 required
0.00 BAYES_50 Bayesian spam probability is 40 to 60%
1.00 BOTNET Relay might be a spambot or virusbot
2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Phishing attempts

Post by shawniverson »

This one has obviously flown under your radar (although barely)...

Here are some options... you can use them all or in combination

1) Keep feeding the Bayesian filter to increase the spam probability
2) If you are not using greylisting, you may want to consider using it
3) If it is from the same sources, just blacklist at domain or IP level system-wide (From: somespammer.net To: default)
4) Lower your spam threshold a little more (increases risk of marking legit emails as spam)
5) Override some of the rules listed in your spam report to increase their score in local.cf
6) Install ScamNailer (http://www.scamnailer.info/)
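
Option 5 worked against the report posted earlier in the thread, as an added example that is not part of the original posts: it parses the rule rows, applies per-rule overrides, and prints the matching SpamAssassin `score` lines for local.cf. The override values and helper names are hypothetical, chosen only for illustration.

```python
import re

# Constructed sample: rule rows copied from the spam report posted in this thread.
REPORT = """\
0.00 BAYES_50 Bayesian spam probability is 40 to 60%
1.00 BOTNET Relay might be a spambot or virusbot
2.17 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS
"""
REQUIRED = 3.6  # "3.6 required" in the same report

# One row = numeric score, rule name, free-text description.
ROW = re.compile(r"^(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\s+(.*)$")


def parse_report(text):
    """Return {rule_name: score} for each 'score RULE description' row."""
    hits = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits


def rescore(hits, overrides):
    """Total score after replacing the score of any rule named in overrides."""
    return round(sum(overrides.get(rule, s) for rule, s in hits.items()), 3)


def local_cf_lines(hits, overrides):
    """'score' directives for the overrides that actually matched this message."""
    return [f"score {rule} {val:.2f}" for rule, val in overrides.items() if rule in hits]


# Hypothetical override values (assumption); tune against your own mail flow.
OVERRIDES = {"BOTNET": 1.50, "RDNS_NONE": 0.50}

if __name__ == "__main__":
    hits = parse_report(REPORT)
    before, after = rescore(hits, {}), rescore(hits, OVERRIDES)
    print(f"before={before} after={after} required={REQUIRED} spam={after >= REQUIRED}")
    print("\n".join(local_cf_lines(hits, OVERRIDES)))
```

Replaying several missed and several legitimate reports through the same overrides before editing local.cf shows whether a change catches the phishing mail without pushing wanted mail over the threshold.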
b19wll
Posts: 58
Joined: 22 Nov 2012 09:55

Re: Phishing attempts

Post by b19wll »

Thanks for the pointers

Would it be realistic for ScamNailer to be included in the EFA build?

Will
shawniverson
Posts: 3783
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Phishing attempts

Post by shawniverson »
