On 14/09/17 19:59, Loren Wilton wrote:
Should be easy to block. Just block the cron-job.org domain.
As someone else mentioned that address is an obvious joe-job. And
scoring it high doesn't help that much. It worked for the first few
weeks, then they went to contact@<random string> to presumably get
around that. I was surprised to see in the last few that they had gone
back to the cron-job.org domain for the fake sender.
For some reason these are bypassing SA on my system, I suspect due to
the size.
I had to add on my systems a while ago an
/etc/mail/spamassassin/spamc.conf containing:
-s 2000000
to increase the maximum size of emails passed to SA. It seems some
spammers have cottoned onto the fact that 256KB is still hardwired
somewhere in SA, and started sending spam just above that threshold to
bypass the filter.
