Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-27 Thread tlhackque via Mailman-Users
SpamAssassin: Don't match X-Spam-Score unless you are extracting the value and doing computation.  Note that the value isn't necessarily numeric - e.g. 'undef - 10.0.0.23 is whitelisted' is a valid value, as are '-1.6 (-)', '0.70 () [Tag at 5.00] COMBINED_FROM,SUBJ_YOUR_DEBT,SPF(pass,0)' and '0.00

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-26 Thread Grant Taylor via Mailman-Users
On 09/26/2017 07:23 AM, Richard Shetron wrote: Spamassassin produces a numeric rating for an email based on multiple rules.  Legitimate email can easily get a rating of 3 or 4 based on the way you have it configured.  I've seen double digit ratings as well.  If you check for a single digit,

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-26 Thread Robert Heller
At Tue, 26 Sep 2017 09:23:21 -0400 Richard Shetron wrote: > > Spamassassin produces a numeric rating for an email based on > multiple rules. Legitimate email can easily get a rating of 3 or 4 > based on the way you have it configured. I've seen double digit ratings > as well. If you ch

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-26 Thread Richard Shetron
Spamassassin produces a numeric rating for an email based on multiple rules. Legitimate email can easily get a rating of 3 or 4 based on the way you have it configured. I've seen double digit ratings as well. If you check for a single digit, you may be filtering legitimate emails that ha

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-26 Thread Robert Heller
One thing *I* have discovered is that "bogus" messages (e.g. phishing, etc. spam), often have various envelope headers that give them away. One is a "Received: " from a mail server with no reverse DNS ('Received: from ... (unknown [ddd.ddd.ddd.ddd])'), so a spam filter rule like this: "Received: f

Re: [Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-25 Thread Mark Sapiro
On 09/25/2017 03:49 AM, Ralf Hildebrandt wrote: > Recent phishing mails are targeting mailing-lists -- and do pass. > > From our logs: > Sep 25 12:10:41 2017 (1940) post to rundmail-it from > sabishi.meis...@charite.de, size=4760, > message-id=<486320030245.201792592...@charite.de>, success > >

[Mailman-Users] Recent phishing mails are targeting mailing-lists -- and do pass

2017-09-25 Thread Ralf Hildebrandt
Recent phishing mails are targeting mailing-lists -- and do pass. From our logs: Sep 25 12:10:41 2017 (1940) post to rundmail-it from sabishi.meis...@charite.de, size=4760, message-id=<486320030245.201792592...@charite.de>, success But the headers of the mail that was automatically passed (sinc