I have been reading other threads about white list problems. In the past week this college has been phished very successfully two times. Each time the rules I added to increase the score of college specific phishing email were counter balanced. On Saturday night it was the white-list score from RCVD_IN_DNSWL_MED (-4.00) for a compromised government account. On Monday morning it was the white-list score from HABEAS_ACCREDITED_SOI (-4.30) for a compromised commercial account.
In each of these cases, it was the first time I realized the rule used had an associated list being used of which I was previously unaware. How do I determine how many other such lists are being used without my knowledge? -- Robert Lopez Unix Systems Administrator Central New Mexico Community College (CNM) 525 Buena Vista SE Albuquerque, New Mexico 87106
