Hello, I have received spam from:
From: "Linda marry (via Google Drive)" <drive-shares-nore...@google.com>

It wasn't caught because of:

60_whitelist_auth.cf:def_welcomelist_auth *@google.com

Now that users can abuse google.com domain, isn't it time to remove
*@google.com from def_whitelist_* ?

the full header:

X-Spam-Report:
    *  3.5 L_URIBL_FANTOMAS contains locally blocklisted URI
    *      [URIs: sites.google.com]
    *  0.5 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    *      [score: 1.0000]
    *  4.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    *      [score: 1.0000]
    * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
    *      [209.85.167.206 listed in wl.mailspike.net]
    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
    *      https://www.dnswl.org/, no trust
    *      [209.85.167.206 listed in list.dnswl.org]
    * -0.0 SPF_PASS SPF: sender matches SPF record
    *  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
    * -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM
    *      white-list
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    *      valid
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
    *      author's domain
    *  1.0 GOOGLE_DRIVE_REPLY_BAD_NTLD From Google Drive and Reply-To is
    *      from a suspicious TLD

I even have the following in my local.cf to be able to catch google
docs/drive/whatever spam via URIBL:

clear_uridnsbl_skip_domain goo.gl google.com
util_rb_2tld google.com

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
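
An added example, not part of the original message: a small Python parser for the X-Spam-Report quoted above that totals the rule scores with and without the welcomelist hit, to show how much of the verdict depends on that one rule. The function names, the welcomelist rule-name pattern and the 5.0 threshold (SpamAssassin's default required_score) are assumptions of this example.

```python
import re

# X-Spam-Report copied from the message above, re-wrapped to one rule per line.
REPORT = """\
* 3.5 L_URIBL_FANTOMAS contains locally blocklisted URI * [URIs: sites.google.com]
* 0.5 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% * [score: 1.0000]
* 4.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% * [score: 1.0000]
* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) * [209.85.167.206 listed in wl.mailspike.net]
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at * https://www.dnswl.org/, no trust * [209.85.167.206 listed in list.dnswl.org]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM * white-list
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain
* 1.0 GOOGLE_DRIVE_REPLY_BAD_NTLD From Google Drive and Reply-To is * from a suspicious TLD
"""

# A rule hit is "* <score> <RULE_NAME> ..."; continuation chunks have no score.
HIT = re.compile(r"\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
# Assumption: welcomelist rules are named USER_IN_...WL / WHITELIST / WELCOMELIST.
WELCOME = re.compile(r"^USER_IN_\w*(WL|WHITELIST|WELCOMELIST)$")

def parse_report(text):
    """Return [(rule_name, score), ...] for every rule hit in the report."""
    return [(name, float(score)) for score, name in HIT.findall(text)]

def total(hits, skip=lambda name: False):
    """Sum the scores, leaving out any rule for which skip(name) is truthy."""
    return round(sum(s for n, s in hits if not skip(n)), 1)

def rescued_by_welcomelist(text, required=5.0):
    """True if the mail stays under the threshold only because of welcomelist rules."""
    hits = parse_report(text)
    return total(hits) < required <= total(hits, WELCOME.match)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    print("score as delivered:       ", total(hits))
    print("score without welcomelist:", total(hits, WELCOME.match))
    print("rescued by welcomelist:   ", rescued_by_welcomelist(REPORT))
```
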