On 09/28/2015 09:25 PM, Amir Caspi wrote:
Hi all,
So, one of my users has been getting dozens of spams per day lately, that have
been getting BAYES_999 but not triggering any other point rules. All of these spams have
forge warnings in the Received header, and it seems like it might be worth adding a
low-scoring "may be forged" rule... what do people think? (Apparently
HTML_FONT_LOW_CONTRAST is only a placeholder when network tests are enabled? Not sure
why, seems like it should be useful at all times.)
Two spamples:
http://pastebin.com/1AhK1DiU
http://pastebin.com/LVRy5Bu6
you may need to start looking at a local RBL and start blocking IP ranges
been blocking snowshoe from Baraka Streaming Technologies Inc
38.113.188.0/22 since 2014-06-18 - no complaints - ymmv
whois is your friend...
