Peter skrev den 2024-07-12 05:25:
I have been getting spam from outlook.com (surprise) and a defining
feature
is that the same emnail address is used as the To: and CC: address.
Is there a way for Spamassassin to detect that?
i have a plugin, but not one i need anymore :)
lets see if thay dont send spam
ifplugin Mail::SpamAssassin::Plugin::WLBLEval
enlist_addrlist (SPAM_FROM_MICROSOFT) *@outlook.com
enlist_addrlist (SPAM_FROM_MICROSOFT) *@hotmail.com
header SPAM_FROM_MICROSOFT
eval:check_from_in_list('SPAM_FROM_MICROSOFT')
score SPAM_FROM_MICROSOFT 3 3 3 3
describe SPAM_FROM_MICROSOFT Other untrustworthy From
endif # ifplugin Mail::SpamAssassin::Plugin::WLBLEval
for worst tlds
ifplugin Mail::SpamAssassin::Plugin::WLBLEval
enlist_addrlist (GREY_TLDS) *.com
enlist_addrlist (GREY_TLDS) *.online
enlist_addrlist (GREY_TLDS) *.site
enlist_addrlist (GREY_TLDS) *.store
enlist_addrlist (GREY_TLDS) *.sbs
enlist_addrlist (GREY_TLDS) *.org
enlist_addrlist (GREY_TLDS) *.net
enlist_addrlist (GREY_TLDS) *.xyz
enlist_addrlist (GREY_TLDS) *.cfd
enlist_addrlist (GREY_TLDS) *.top
enlist_addrlist (GREY_TLDS) *.shop
enlist_addrlist (GREY_TLDS) *.fun
enlist_addrlist (GREY_TLDS) *.website
enlist_addrlist (GREY_TLDS) *.cn
enlist_addrlist (GREY_TLDS) *.cloud
enlist_addrlist (GREY_TLDS) *.tech
enlist_addrlist (GREY_TLDS) *.ru
enlist_addrlist (GREY_TLDS) *.co
enlist_addrlist (GREY_TLDS) *.info
enlist_addrlist (GREY_TLDS) *.space
header GREY_TLDS eval:check_replyto_in_list('GREY_TLDS')
score GREY_TLDS 0.1 0.1 0.1 0.1
describe GREY_TLDS Other untrustworthy TLDS
endif # ifplugin Mail::SpamAssassin::Plugin::WLBLEval
adjust score as you need
