Blocking cannibalized spam/virus mail with password-protected attachments
Dusan Obradovic
dusan at euracks.net
Wed Dec 23 19:54:29 CET 2020
Amavis *should* detect encrypted archive mail and log as “UNCHECKED-ENCRYPTED”. Disposition of such mail is dependent on CC_UNCHECKED (final destiny) in your amavisd.conf. There is a setting to rewrite Subject when unchecked disposition is set to pass.

* a string can be prepended to Subject (for local recipients only)
  if mail could not be decoded or checked entirely, e.g. due to
  password-protected archives or non-decodable mail bombs:
    $undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

> On 22.12.2020., at 09:25, Nikolaos Milas <nmilas at noa.gr> wrote:
>
> Hello,
>
> We are facing the following problem:
>
> We are receiving floods of spam mail which mainly consist of excerpts from older legitimate mail (and with identical Subject text). These mails have been fitted with password-protected zip files (which are virus-infected) - so that they cannot be scanned - and in the body of the mail is included the password of these zip files.
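
Added example, not part of the original post and not amavis code: a Python sketch of the check the reply describes, detecting a password-protected ZIP attachment from the "encrypted" bit in its headers and prepending the same tag string to Subject. The function names, addresses and sample mail are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

UNCHECKED_TAG = "***UNCHECKED*** "  # same string as $undecipherable_subject_tag above

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member of the ZIP has the 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP; other decoders would handle it

def tag_if_undecipherable(raw: bytes) -> EmailMessage:
    """Prepend UNCHECKED_TAG to Subject when an attachment is an encrypted ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zip_is_encrypted(payload):
            subject = msg.get("Subject", "")
            del msg["Subject"]
            msg["Subject"] = UNCHECKED_TAG + subject
            break
    return msg

def build_sample(encrypted: bool) -> bytes:
    """Constructed sample mail with one harmless ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample data")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the general-purpose flags in the local header (offset 6)
        # and in the central directory header (offset 8) to mimic a protected ZIP.
        data[6] |= 0x01
        cd = data.rfind(b"PK\x01\x02")
        data[cd + 8] |= 0x01
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "rcpt@example.org"
    msg["Subject"] = "Re: quarterly report"
    msg.set_content("The password is in this message.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()
```

The flag only shows that the content cannot be scanned; what happens to the mail afterwards is still decided by the unchecked disposition configured in amavisd.conf.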