You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Benny Pedersen <me...@junc.eu> on 2015/08/07 15:22:10 UTC
Fwd: Good New !!!
Forefront sez this is spam, and now olso accept and bounce it, From:
header have no @
possible update rules
-------- Original besked --------
Emne: Good New !!!
Dato: 2015-08-07 06:20
Afsender: Prince Alwaleed Bin Talal
Modtager: Recipients
Svar til: __removed__
Message from Saudi Arabia Prince Alwaleed Bin Talal for his charity
donation and You have been selected as recipient/benefactor for $2.5
Million Dollars from Alwaleed Philanthropic Foundation Grant.for more
information contact us.
Best Regards
Ahmad Sadiq Azizi HR
Re: Fwd: Good New !!!
Posted by Benny Pedersen <me...@junc.eu>.
Axb skrev den 2015-08-07 17:58:
> If you use Postfix.... apply hammer instead of low scored
> AXB_X_FF_SEZ_S (which applies score to that header)
+1
> pcre headercheck
>
> if /^X-Forefront-Antispam-Report/
> /SFV\:SPM/ REJECT
> endif
i did recieve it as a dsn, so where is there dkim showing thay did not ?
if more do reject, that could possible help to show there ignorance on
accept and bounce
rule above added to postfix, solved
or possible i will create a clamav signature on it
Re: Fwd: Good New !!!
Posted by Axb <ax...@gmail.com>.
On 07.08.2015 16:49, Benny Pedersen wrote:
> Axb skrev den 2015-08-07 15:30:
>> On 07.08.2015 15:22, Benny Pedersen wrote:
>>> Forefront sez this is spam, and now olso accept and bounce it, From:
>>> header have no @
>>>
>>> possible update rules
>>
>> ??? what do you mean?
>>
>> You're welcome to submit a rule...
>
> +1
>
> it will be one that hits forefront for not using opendkim, and not
> reject invalid mails
>
> * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
> http://www.dnswl.org/, no
> * trust
> * [157.56.110.246 listed in list.dnswl.org]
> * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
> * [157.56.110.246 listed in wl.mailspike.net]
> * 2.5 AXB_X_FF_SEZ_S Forefront sez this is spam
> * 1.2 TO_MALFORMED To: has a malformed address
> * 1.0 NIXSPAM_IXHASH No description available.
> * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> * 0.0 LOTS_OF_MONEY Huge... sums of money
> * 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
> * 3.3 SAGREY Adds score to spam from first-time senders
>
> note spf helo pass where is spf pass ?, uhu lost in a dsn :=)
>
> FROM_MALFORMED when @ is missing in From: header
>
> not done yet
>
> atleast i can see missing @ in from header is giving freemail forged, neat
If you use Postfix.... apply hammer instead of low scored AXB_X_FF_SEZ_S
(which applies score to that header)
pcre headercheck
if /^X-Forefront-Antispam-Report/
/SFV\:SPM/ REJECT
endif
Re: Fwd: Good New !!!
Posted by Benny Pedersen <me...@junc.eu>.
Axb skrev den 2015-08-07 15:30:
> On 07.08.2015 15:22, Benny Pedersen wrote:
>> Forefront sez this is spam, and now olso accept and bounce it, From:
>> header have no @
>>
>> possible update rules
>
> ??? what do you mean?
>
> You're welcome to submit a rule...
+1
it will be one that hits forefront for not using opendkim, and not
reject invalid mails
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no
* trust
* [157.56.110.246 listed in list.dnswl.org]
* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [157.56.110.246 listed in wl.mailspike.net]
* 2.5 AXB_X_FF_SEZ_S Forefront sez this is spam
* 1.2 TO_MALFORMED To: has a malformed address
* 1.0 NIXSPAM_IXHASH No description available.
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.0 LOTS_OF_MONEY Huge... sums of money
* 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
* 3.3 SAGREY Adds score to spam from first-time senders
note spf helo pass where is spf pass ?, uhu lost in a dsn :=)
FROM_MALFORMED when @ is missing in From: header
not done yet
atleast i can see missing @ in from header is giving freemail forged,
neat
Re: Fwd: Good New !!!
Posted by Axb <ax...@gmail.com>.
On 07.08.2015 15:22, Benny Pedersen wrote:
> Forefront sez this is spam, and now olso accept and bounce it, From:
> header have no @
>
> possible update rules
??? what do you mean?
You're welcome to submit a rule...
>
> -------- Original besked --------
> Emne: Good New !!!
> Dato: 2015-08-07 06:20
> Afsender: Prince Alwaleed Bin Talal
> Modtager: Recipients
> Svar til: __removed__
>
> Message from Saudi Arabia Prince Alwaleed Bin Talal for his charity
> donation and You have been selected as recipient/benefactor for $2.5
> Million Dollars from Alwaleed Philanthropic Foundation Grant.for more
> information contact us.
>
> Best Regards
> Ahmad Sadiq Azizi HR