Hi,
txbweb.de is my private address only for testing and learning. The
domain of the company I'm working for is affected. And for this company
domain there already exists an SPF entry.
root@mailserver1 /etc # host -t TXT domain.de
domain.de descriptive text "v=spf1 ip4:188.40.xxx.xx -all"
And th
On 01.02.2016 at 17:22, Thomas Barth wrote:
Hi,
txbweb.de is my private address only for testing and learning. The
domain of the company I'm working for is affected. And for this company
domain there already exists an SPF entry.
root@mailserver1 /etc # host -t TXT domain.de
domain.de descriptive
On 01.02.2016 at 16:23, Benny Pedersen wrote:
> On 2016-02-01 13:57, Axb wrote:
>
>> SA mimeheader rules
>> To save cycles, I'd opt for rejecting at smtp level with Postfix mime
>> header checks.
>
> postfix mime is not as good as clamav-milter, if one really wants to
> limit resources use milter
maybe you learn about SPF then..
On 01.02.2016 at 16:23, Thomas Barth wrote:
The mails with docs attached are getting rejected successfully. I'm
getting a lot of these mails from a botnet now, each mail with a
different generated mail suffix, but always with our top level domain. I
hope tha
On 2016-02-01 13:57, Axb wrote:
SA mimeheader rules
To save cycles, I'd opt for rejecting at smtp level with Postfix mime
header checks.
postfix mime is not as good as clamav-milter, if one really wants to
limit resources use milter-regex, but that has no unpack of malware in
zip/rar or othe
The mails with docs attached are getting rejected successfully. I'm
getting a lot of these mails from a botnet now, each mail with a
different generated mail suffix, but always with our top level domain. I
hope that we don't get problems that the spammers are using our main
domain for spreading
Ok thank you for your solution. I also found the definitions in the
amavis conf file 20-debian_defaults
root@mailserver1 /etc # grep -nri "exe" /etc/amavis/
/etc/amavis/conf.d/20-debian_defaults:115:
qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
/etc/amavis/conf.d/20-debian_defaults
On 01.02.2016 at 15:05, Thomas Barth wrote:
No viruses were found.
Banned name: .exe,.exe-ms,23676883772984656662(1).doc.exe
Content type: Banned
Not quarantined.
The message WAS NOT relayed to:
xxx
554 5.7.0 Reject, id=09201-09 - BANNED:
.exe,.exe-ms,23676883772984656662(1).doc.exe
This mess
Hi,
but the system is already configured to ban mails with special
documents attached, even when no viruses were found. Here is an example
message I get when a message wasn't relayed to the recipient:
content_banned.txt
BANNED contents (.exe,.exe-ms,23676883772984656662(1).doc.exe) in mail FROM
[xxx
On Mon, 01 Feb 2016 13:06:15 +
Martin Gregorie wrote:
> Install the MimeMagic plugin if you haven't already done so. This lets
> you write rules against an attachment's Mime header,
I've not heard of MimeMagic, but what you are describing sounds like
MIMEHeader, which is a standard part of
On 01/02/16 12:48, Thomas Barth wrote:
Hi,
for a week or so I get a lot of mails with bills as doc-documents and
Spamassassin is actually not able to mark it as spam. The documents
contain a macro.
I find that the Sanesecurity Badmacro rules are catching these nicely -
http://sanesecurity.com/
On Mon, 2016-02-01 at 13:48 +0100, Thomas Barth wrote:
> Hi,
> for a week or so I get a lot of mails with bills as doc-documents and
> Spamassassin is actually not able to mark it as spam. The documents
> contain a macro. AMaVis is configured to reject all spam-mails
> directly
> (no store&forwar
On 02/01/2016 01:48 PM, Thomas Barth wrote:
Hi,
for a week or so I get a lot of mails with bills as doc-documents and
Spamassassin is actually not able to mark it as spam. The documents
contain a macro. AMaVis is configured to reject all spam-mails directly
(no store&forward). How can I configure
On 01.02.2016 at 13:48, Thomas Barth wrote:
for a week or so I get a lot of mails with bills as doc-documents and
Spamassassin is actually not able to mark it as spam
it is able
combined BAYES scores and other rules on a properly trained SA lead to
99.9% milter-reject rate of these malware
Hi,
for a week or so I get a lot of mails with bills as doc-documents and
Spamassassin is actually not able to mark it as spam. The documents
contain a macro. AMaVis is configured to reject all spam-mails directly
(no store&forward). How can I configure Spamassassin to mark all mails
with doc-