Re: Using fuzzy patterns

2018-01-17 Thread shanew
On Sat, 13 Jan 2018, Alex wrote: From: "F*e dE x" That address hardly resembles "Fed Ex", but how general of a rule can we create and still catch variations such as this? I thought something like this would work: header FUZZY_FEDEX From =~ /(?!f.?e.?d.{0,3}e.?x).?.?.{0,3}.?/i To fully
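An added example (not code from the thread or from the SpamAssassin project) of one way to answer the "how general can the rule be" question above: build the fuzzy pattern from the brand name so that only non-alphanumeric junk may sit between the letters. That catches "F*e dE x" and "Fed. Ex." while leaving "Federal Express" and "feed ex" alone, which a `.?`/`.{0,3}` gap would not. The pattern is emitted in Perl-compatible syntax so it can be pasted into a `header` rule; the rule name, the sample From names and the gap limit of 2 are assumptions made for this example.

```python
import re

# Assumption for this example: at most MAX_GAP non-alphanumeric characters
# ('*', ' ', '.', '-' ...) may be inserted between any two letters of the brand.
MAX_GAP = 2


def fuzzy_pattern(word, max_gap=MAX_GAP):
    """Regex source matching `word` with junk between letters but no extra letters.

    Letters must appear in order and only non-alphanumerics may separate them,
    so "F*e dE x" and "Fed. Ex." match while "Federal Express" does not.
    The lookarounds stop the brand from matching inside a longer word.
    """
    gap = r"[^A-Za-z0-9]{0,%d}" % max_gap
    letters = [re.escape(c) for c in word]
    return r"(?<![A-Za-z0-9])" + gap.join(letters) + r"(?![A-Za-z0-9])"


def compile_fuzzy(word, max_gap=MAX_GAP):
    return re.compile(fuzzy_pattern(word, max_gap), re.IGNORECASE)


def sa_header_rule(rule_name, header, word, max_gap=MAX_GAP):
    """The equivalent SpamAssassin `header` rule line; the pattern uses only
    syntax that Perl and Python share (character classes, {m,n}, lookarounds)."""
    return "header %s %s =~ /%s/i" % (rule_name, header, fuzzy_pattern(word, max_gap))


FEDEX = compile_fuzzy("fedex")

# Constructed From: display names for this example, not taken from real mail.
SAMPLE_FROM_NAMES = [
    "F*e dE x",
    "Fed. Ex.",
    "FedEx Shipping",
    "Federal Express",
    "feed ex deals",
]


def matches(regex=FEDEX, names=SAMPLE_FROM_NAMES):
    """Return [(name, hit)] for each sample display name."""
    return [(n, bool(regex.search(n))) for n in names]


if __name__ == "__main__":
    print(sa_header_rule("FUZZY_FEDEX", "From", "fedex"))
    for name, hit in matches():
        print("%-5s %s" % ("HIT" if hit else "miss", name))
```

Raising `max_gap` widens the net but also raises the chance of hitting legitimate names; keep it small and score the rule low enough that it only adds weight to other phishing signals.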

Re: FORGED_HOTMAIL_RCVD2 false positive

2018-01-17 Thread Giovanni Bechis
On 01/17/18 07:14, Pedro David Marco wrote: > Hi, > > FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') > triggers for valid hotmail messages...  (SA 3.4.1) > > This small change solves the problem but i do not know whether it is the > correct way...    maybe "hotmail" strin

Re: FORGED_HOTMAIL_RCVD2 false positive

2018-01-17 Thread David Jones
On 01/17/2018 11:59 AM, Giovanni Bechis wrote: On 01/17/18 07:14, Pedro David Marco wrote: Hi, FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages...  (SA 3.4.1) This small change solves the problem but i do not know whether it is the corr

Re: FORGED_HOTMAIL_RCVD2 false positive

2018-01-17 Thread Giovanni Bechis
On 01/17/18 19:29, David Jones wrote: > On 01/17/2018 11:59 AM, Giovanni Bechis wrote: >> On 01/17/18 07:14, Pedro David Marco wrote: >>> Hi, >>> >>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') >>> triggers for valid hotmail messages...  (SA 3.4.1) >>> >>> This small chan

From name containing a spoofed email address

2018-01-17 Thread David Jones
Would a plugin need to be created (or an existing one enhanced) to be able to detect this type of spoofed From header? From: "h...@hulumail.com !" https://pastebin.com/vVhGjC8H Does anyone else think this would be a good idea to make a rule that at least checks both the From:name and From:ad

Re: From name containing a spoofed email address

2018-01-17 Thread Kevin A. McGrail
Yes, I think it's a security risk and numerous phishing scams use this. On 1/17/2018 2:31 PM, David Jones wrote: Would a plugin need to be created (or an existing one enhanced) to be able to detect this type of spoofed From header? From: "h...@hulumail.com !" https://pastebin.com/vVhGjC8H D

Re: From name containing a spoofed email address

2018-01-17 Thread shanew
I swear I came across a rule like this just the other day, but now I can't find it, which is probably a sign of faulty memory. In any case, the existing HeaderEval Plugin seems like a good place for this (it already does a check for EnvFrom and From domain mismatches). On Wed, 17 Jan 2018, Davi

Re: From name containing a spoofed email address

2018-01-17 Thread Alan Hodgson
On Wed, 2018-01-17 at 13:31 -0600, David Jones wrote: > Would a plugin need to be created (or an existing one enhanced) to > be  > able to detect this type of spoofed From header? > > From: "h...@hulumail.com !" > > https://pastebin.com/vVhGjC8H > > Does anyone else think this would be a good i

Re: From name containing a spoofed email address

2018-01-17 Thread shanew
I started working on this, and quickly realized the hard part is determining/parsing the domain out of the From:name variable. Is there any existing code in SA that "recognizes" email addresses that can be called and/or re-used? On Wed, 17 Jan 2018, David Jones wrote: Would a plugin need to be

Re: From name containing a spoofed email address

2018-01-17 Thread RW
On Wed, 17 Jan 2018 15:32:38 -0600 (CST) sha...@shanew.net wrote: > I started working on this, and quickly realized the hard part is > determining/parsing the domain out of the From:name variable. I think the hard part is handling IDNs, e.g. "=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" the display name
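An added example (not code from the thread, and not the HeaderEval plugin being discussed) of the check proposed in this thread: pull an address-looking token out of the From: display name and compare its domain with the domain of the real From: address. It handles the IDN case RW raises by decoding RFC 2047 encoded-words first and by IDNA-normalising both domains, so "bücher.com" in the name and "xn--bcher-kva.com" in the address compare equal. It is written in Python rather than Perl; the sample headers are constructed for this example (the hulumail.com message from the pastebin is not reproduced).

```python
import re
from email.header import decode_header
from email.utils import parseaddr

# Something that looks like an e-mail address inside a display name.  \w is
# Unicode-aware in Python 3, so an IDN label such as "bücher" is captured and
# normalised below rather than silently skipped.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def decode_rfc2047(value):
    """Decode RFC 2047 encoded-words ("=?UTF-8?B?...?=") in a header value."""
    parts = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "us-ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def normalise_domain(domain):
    """Lower-case and IDNA-encode so "bücher.com" and "xn--bcher-kva.com" compare equal."""
    domain = domain.rstrip(".").lower()
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return domain


def check_from_name(value):
    """Return (name_domain, addr_domain, flagged) for a From: header value.

    flagged is True when the display name carries an address whose domain
    differs from the domain of the real address.
    """
    name, addr = parseaddr(decode_rfc2047(value))
    addr_domain = normalise_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    m = ADDR_IN_NAME.search(name)
    if not m:
        return None, addr_domain, False
    name_domain = normalise_domain(m.group(1))
    return name_domain, addr_domain, name_domain != addr_domain


# Constructed From: header values for this example, not real mail.
# "Zm9vQGLDvGNoZXIuY29t" is base64 for "foo@bücher.com".
SAMPLE_FROM_HEADERS = [
    '"support@example.com !" <mailer@attacker.example.net>',
    '"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <payments@example.net>',
    '"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?=" <foo@xn--bcher-kva.com>',
    '"Alice Example" <alice@example.org>',
]


def scan(headers=SAMPLE_FROM_HEADERS):
    """Run the check over each header; returns a list of check_from_name() tuples."""
    return [check_from_name(h) for h in headers]


if __name__ == "__main__":
    for header, (name_domain, addr_domain, flagged) in zip(SAMPLE_FROM_HEADERS, scan()):
        print("%s name=%r addr=%r  %s" % (
            "SPOOF" if flagged else "ok   ", name_domain, addr_domain, header))
```

Comparing the exact domains is the strict form; a production rule would usually compare registrable domains (so "mail.example.com" in the name and "example.com" in the address do not fire) and give the hit a modest score, since the display-name address alone is not proof of phishing.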