Hello
We seem to be getting a lot of phishing attempts let through the filter; is there something I can do to combat this? Also, a lot of Word docs are coming through as invoices and the .doc has a link in them. How can I stop these?
Thanks
Will
Phishing attempts
- shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Phishing attempts
Do you have a Spam Report on one of them you can share?
Re: Phishing attempts
Here is a report
cached not, score=3.271, 3.6 required

Score  Matching Rule  Description
0.00   BAYES_50       Bayesian spam probability is 40 to 60%
1.00   BOTNET         Relay might be a spambot or virusbot
2.17   DCC_CHECK      Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.10   RDNS_NONE      Delivered to trusted network by a host with no rDNS
- shawniverson
Re: Phishing attempts
This one has obviously flown under your radar (although barely)...
Here are some options... you can use them all or in combination
1) Keep feeding the Bayesian filter to increase the spam probability
2) If you are not using greylisting, you may want to consider using it
3) If it is from the same sources, just blacklist at domain or IP level system wide (From: somespammer.net To: default)
4) Lower your spam threshold a little more (increases risk of marking legit emails as spam)
5) Override some of the rules listed in your spam report to increase their score in local.cf
6) Install ScamNailer (http://www.scamnailer.info/)
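As an added illustration of option 5 (not part of the original reply), this is what score overrides in local.cf could look like for the rules in the report above. The new score values are assumptions chosen to show the arithmetic, not tested recommendations.

```conf
# Added example, not from the thread. Score values below are assumptions.
#
# Report as posted: 0.00 (BAYES_50) + 1.00 (BOTNET) + 2.17 (DCC_CHECK)
#                   + 0.10 (RDNS_NONE) = 3.27, just under the 3.6 required.

# BOTNET: 1.00 -> 1.50. On its own this lifts the sample message to
# about 3.77, which is over the 3.6 threshold.
score BOTNET 1.50

# RDNS_NONE: 0.10 -> 0.50. Legitimate senders with missing reverse DNS
# are affected as well, so keep this increase small.
score RDNS_NONE 0.50

# DCC_CHECK is left at 2.17; it already contributes most of the score.
# BAYES_50 is left at 0.00; training the Bayesian filter (option 1) is
# what moves a message out of the 40-60% band, not a score override.
```

Run `spamassassin --lint` after editing to catch syntax errors, and watch the quarantine for legitimate mail that the higher scores now catch.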
Re: Phishing attempts
Thanks for the pointers
Would it be realistic for ScamNailer to be included in the EFA build?
Will