[Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

tlhackque tlhackque at yahoo.com
Wed Sep 27 07:45:31 EDT 2017


Don't match X-Spam-Score unless you are extracting the value and doing
computation.  Note that the value isn't necessarily numeric - e.g.
'undef - is whitelisted' is a valid value, as are '-1.6 (-)',
'0.70 () [Tag at 5.00] COMBINED_FROM,SUBJ_YOUR_DEBT,SPF(pass,0)' and '0.00%'

Instead, match X-Spam-Level, which is designed for regex matching.

This will have a value of '*' for score 1, '**********' for score 10, etc.

So match for the minimum score that you consider spam.  (Obviously, in a
regex, you have to quote the *).

E.g. '^\*\*\*\*\*\*\*\*\*' will match a score of 9 or higher.

On 26-Sep-17 09:23, Richard Shetron wrote:
> Spamassassin produces a numeric rating for for an email based on
> multiple rules.  Legitimate email can easily get a rating of 3 or 4
> based on the way you have it configured.  I've seen double digit
> ratings as well.  If you check for a single digit, you may be
> filtering legitimate emails that have a low score.
> On 9/26/2017 7:58 AM, Robert Heller wrote:
> [snip]
>> I also use Spamassassin on my server, so having a rule like:
>> "X-Spam-Score: \d"
>> is also helpful at catching spam and phishing mail.
> [snip]

More information about the Mailman-Users mailing list