Hi all,

We are seeing some strong spam attacks carried out through a combination of
our webmail, viruses and open proxies.

The situation is like this:
Our outgoing SMTP server is open only for users from our IP addresses and is
filtered for the rest of the world. Our webmail interface is open to the whole
world, as our users need to access it from anywhere (of course they have to
log in first).
Spammers are stealing passwords from some of our users by using viruses
(passwords are stolen, not guessed or brute-force cracked).
Spammers have an application which is able to authenticate to our webmail
interface and post email :)

After an email is posted through the webmail interface, the message is routed
to our outgoing SMTP server. It is scanned by spamd from SpamAssassin but it
gets a low score.
The low score comes from the tests ALL_TRUSTED and/or BAYES_xx and/or AWL.
I'm not sure if we can remove the webmail IP address from trusted networks
because we can get too many false positives by doing that (as we had in the
past).
For the low BAYES_xx scores I have an idea to lower the default scores in cf.
Any other ideas?
For the AWL problem I have one question. If I understood right, AWL is based
on the From address. Is it possible to quickly change the AWL algorithm to be
based on a unique combination of From and To addresses? Or maybe on an even
more complicated Header-From, Header-To, Envelope-From, Envelope-To tuple?
That way AWL would track users' habits much better.

Or if anybody has had the same problems, I'm open to any suggestions.

Regards,
Giga

-- 
View this message in context: 
http://www.nabble.com/Webmail-spammers-tp22273077p22273077.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
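
The AWL question above, as an added example that is not part of the original post and is not SpamAssassin's code: a simplified history averager that pulls each score toward the mean for its key, replayed once keyed on From alone and once on the (From, To) pair. The addresses, raw scores and the 0.5 pull factor are constructed assumptions.

```python
from collections import defaultdict

FACTOR = 0.5  # assumed: fraction of the distance a score is pulled toward the historical mean


class HistoryAverager:
    """Toy AWL-style averager; key_fn decides what counts as 'the same correspondent'."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.totals = defaultdict(lambda: [0.0, 0])  # key -> [sum of raw scores, message count]

    def adjust(self, msg, raw_score):
        """Return raw_score pulled toward the key's mean, then record raw_score in the history."""
        entry = self.totals[self.key_fn(msg)]
        final = raw_score
        if entry[1]:
            mean = entry[0] / entry[1]
            final = raw_score + (mean - raw_score) * FACTOR
        entry[0] += raw_score
        entry[1] += 1
        return final


def by_from(msg):
    return msg["from"].lower()


def by_from_to(msg):
    return (msg["from"].lower(), msg["to"].lower())


def replay(key_fn):
    """Replay a constructed mail history and return the adjusted scores of the spam burst."""
    awl = HistoryAverager(key_fn)
    # Constructed history: 20 clean messages (raw score 0.5) from the real user to a colleague.
    for _ in range(20):
        awl.adjust({"from": "user@example.org", "to": "colleague@example.org"}, 0.5)
    # Constructed burst: the stolen account mails unseen recipients; content alone scores 8.0.
    burst = [{"from": "user@example.org", "to": f"rcpt{i}@example.net"} for i in range(3)]
    return [awl.adjust(m, 8.0) for m in burst]


if __name__ == "__main__":
    print("keyed on From:      ", replay(by_from))
    print("keyed on (From, To):", replay(by_from_to))
```

In this model the account's clean history drags the burst below a 5.0 threshold when the key is From alone, while pair keying leaves each message to a new recipient at its raw score; the same property means legitimate mail to a first-time recipient gets no benefit from the sender's history either.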
