Quite an overhead you are suggesting / proposing there, dont you think?
All the OP needs to do is, first and foremost, sort out that
USER_IN_WHITELIST.
Then I recommend throwing in KAM rules and extremeshoks fromreplyto plugin.
And if the OP is really serious, enable Sane security signatures.
I would also enable Googles Safe Browsing database via Clamav.
HTH
Brent
On 2020/02/26 11:02, Marc Roos wrote:
You should maintain also your own rbl with soft and hard blocking of ip
ranges. Problem with only marking emails is, is that the spam network is
not 'learning' that their emails are being blocked.
-----Original Message-----
To: users@spamassassin.apache.org
Subject: From Spoofed
Hey Folks,
I have a user that is getting many emails with obscene subjects.
Someone is spoofing the From to include the users domain so the email is
hitting "USER_IN_WHITELIST". I have installed the plugins from
extremeshok and it has not stopped the problem.
Emails have header info such as:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail
X-Spam-Level:
X-Spam-Status: No, score=-60.8 required=5.0
tests=ALL_CODING,ALL_OZ,BAYES_99,
BAYES_999,FROM_EXCESS_BASE64,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
HTML_SHORT_LINK_IMG_2,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,
RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_WEB,RCVD_IN_X
BL,
RDNS_NONE,SERGIO_SUBJECT_PORN014,SUBJECT_FUCKBUDDY,URIBL_ABUSE_SURBL,
URIBL_BLACK,URIBL_DBL_SPAM,URIBL_SBL,USER_IN_WHITELIST
autolearn=no
version=3.3.2
The SUBJECT_FUCKBUDDY rule has a score of 3.0 .
Subject line has "Hungry for a Fuckbuddy" . Sorry I can't paste, it
did not come through formatted properly when the user forwarded from
Outlook and it's gone from her Inbox on the server.
If I send a test email with Fuckbuddy in the subject from my GMail
account spamassassin catches it and it and sends it to the spam folder.
Ideas?
Thanks,
Robert
Robert A. Ober
IT Consultant, Vidcaster, & Freelancer
www.infohou.com
Houston, TX
