On Thu, 23 Aug 2012 01:33:56 +0100
Ned Slider wrote:
> # Fedex
> header__LOCAL_FROM_FEDEX Return-Path:addr
> =~ /\@fedex\.com$/i meta
> LOCAL_SPF_FEDEX ((SPF_SOFTFAIL || SPF_FAIL) &&
> __LOCAL_FROM_FEDEX) describe LOCAL_SPF_FEDEX
> Fedex SPF Fail
>
> and if I w
Well i can help with a plugin to automate things but i can only automate
something once it is done a few times. Have you written the rules you think
will help for say two of the domain's?
Have you collected example ham and spam?
You have a good idea but without specifics, i don't know the patter
On 23/08/12 04:31, Kevin A. McGrail wrote:
On 8/22/2012 8:33 PM, Ned Slider wrote:
So if I hit all mail claiming to be sent from fedex.com that fails SPF
I can easily weed out all the fakes:
# Fedex
header __LOCAL_FROM_FEDEX Return-Path:addr =~ /\@fedex\.com$/i
meta LOCAL_SPF_FEDEX ((SPF_SOFTFA
On 23/08/12 12:08, RW wrote:
On Thu, 23 Aug 2012 01:33:56 +0100
Ned Slider wrote:
# Fedex
header __LOCAL_FROM_FEDEX Return-Path:addr
=~ /\@fedex\.com$/i meta
LOCAL_SPF_FEDEX ((SPF_SOFTFAIL || SPF_FAIL)&&
__LOCAL_FROM_FEDEX) describeLOCAL_SPF_FEDEX
Fedex SPF Fail
and i
I think the idea has merit. Can you open a bug in bugzilla, please? My
goals are to get some more polish on masscheck and put out a 3.4.0 rc1
and deal with the 3.4.X infrastructure changes. After that I'll offer
to work with you on this if no one steps up by then.
regards,
KAM
> I guess what we are looking for is a plugin that can take a list of
> commonly abused domains known to have valid SPF records or valid DKIM
> signatures, and to be able to apply a (stronger) score to those messages
> that fail the SPF and/or DKIM test.
Several common domains that do provide a
Let's take wellsfargo.com (Wells Fargo Bank) as an example.
If the FCrDNS of the connecting server is *.wellsfargo.com it is ham.
If wellsfargo.com is in the received lines and not forged it is ham.
If wellsfargo.com is in the received headers and it is forged it is spam.
If wellsfargo.com is in
On 23/08/12 18:18, Marc Perkel wrote:
Let's take wellsfargo.com (Wells Fargo Bank) as an example.
If the FCrDNS of the connecting server is *.wellsfargo.com it is ham.
If wellsfargo.com is in the received lines and not forged it is ham.
If wellsfargo.com is in the received headers and it is forg
Great idea - but don't under-estimate the amount of work. Someone
thought there'd be "only" 20-30 domains to be covered - but I'd say
that's actually 20-30 domains PER COUNTRY.
Here in New Zealand we get a lot of phishing attacks using New Zealand
banks - just like you get spam referring to your o
That's my opinion too.
Therefor the community will have to contribute to the list of which
domain to add or not.
Alex, from osmose.
Bow before me, for I am root.
On 12-08-23 07:20 PM, Jason Haar wrote:
> Great idea - but don't under-estimate the amount of work. Someone
> thought there'd be "onl
10 matches
Mail list logo
