Page 1 of 1
Phishing attempts
Posted: 13 Nov 2014 09:37
by b19wll
Hello
we seem to be getting a lot of phishing attempts let through the filter, is there something I can do to combat this? Also a lot of word docs are coming through as invoices and the .doc has a link in them, how can I stop these?
Thanks
Will
Re: Phishing attempts
Posted: 15 Nov 2014 15:30
by shawniverson
Do you have a Spam Report on one of them you can share?
Re: Phishing attempts
Posted: 17 Nov 2014 11:29
by b19wll
Here ia s a report
Score Matching Rule Description
cached not
score=3.271
3.6 required
0.00 BAYES_50 Bayesian spam probability is 40 to 60%
1.00 BOTNET Relay might be a spambot or virusbot
2.17 DCC_CHECK Listed in DCC (
http://rhyolite.com/anti-spam/dcc/)
0.10 RDNS_NONE Delivered to trusted network by a host with no rDNS
Re: Phishing attempts
Posted: 17 Nov 2014 23:44
by shawniverson
This one has obviously flown under your radar (although barely)...
Here are some options... you can use them all or in combination
1) Keep feeding the Bayesian filter to increase the spam probability
2) If you are not using greylisting, you may want to consider using it
3) If it is from the same sources, just blacklist at domain or ip level system wide (From: somespammer.net To: default)
4) Lower your spam threshold a little more (increases risk of marking legit emails as spam)
5) Override some of the rules listed in your spam report to increase their score in local.cf
6) Install ScamNailer (
http://www.scamnailer.info/)
Re: Phishing attempts
Posted: 19 Nov 2014 12:19
by b19wll
Thanks for the pointers
Would it be realistic for scamnailer to be incuded in the EFA build?
Will
Re: Phishing attempts
Posted: 22 Nov 2014 16:52
by shawniverson