Good day Guys
We are seeing quite a few of the following spam, been delivered to our
users.
https://pastebin.com/raw/43VqDPTy
Notice the:
You have 5 Incoming messages t=
hat could not be delivered to eunice@REMOVED
Retrieve Messages and reconfigure SMTP server to avoid losing important fil=
es and messages.
Then at the bottom, see the URL try and catch the recipient.
This email it to serve as a FYI to the community and maybe a global rule
can pushed out, and secondly to ask if someone can please peer review my
below ruleset. It works, I am just wondering if it can be done better.
header HTEST Subject =~
/[0-9]?\s?(Underliverable|Incoming)?\sMessages\s(for|failed)?\s?(for)?/i
score HTEST 0.01
describe HTEST Testing new rule
Many thanks
Brent Clark
