Blocking cannibalized spam/virus mail with password-protected attachments
Marco
falon at ruparpiemonte.it
Fri Jul 2 13:40:46 CEST 2021
On 22/12/2020 09:39, Nikolaos Milas wrote:
> On 22/12/2020 10:24 AM, Nikolaos Milas wrote:
>
>> Can you please suggest ways in which we can configure amavis so as to
>> recognize and drop this kind of mail?
>
> Another, probably better, approach would be to add to amavis a scan rule
> like:
>
> If body contains text like:
>
> Password archivio: XXXX
> -or-
> Archive pass: XXXX
>
> [where XXXX is a 3- or 4-digit number]
Hello,
In many years I haven't found a valid solution yet.
If you write a rule, you should update the rule for every variant. They
change frequently.
If you block the encrypted content some customers will complain.
I'm trying the bodyre hashbl rule approach: I hash the content ("pass:
XXX") and I put it on a local DNSBL. It's easier for me.
Warm Regards
Marco
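
Added example, not part of the message above and not amavis or SpamAssassin code: a sketch of the hashing side of the approach described, turning the matched password phrase into a lookup name for a local DNSBL. The zone name, answer address, regex, normalization and the choice of SHA-1 are assumptions; whatever rule performs the lookup (for example a HashBL bodyre rule) must normalize and hash the match the same way.

```python
import hashlib
import re

# Hypothetical local zone and answer address; replace with your own.
ZONE = "hashbl.example.invalid"
ANSWER = "127.0.0.2"

# Phrases quoted in the thread, followed by a 3- or 4-digit number.
PHRASE_RE = re.compile(
    r"\b((?:password\s+archivio|archive\s+pass):\s*\d{3,4})\b",
    re.IGNORECASE,
)

# Constructed sample bodies (not real mail).
SAMPLES = [
    "Buongiorno, in allegato il documento.\nPassword archivio: 4821\n",
    "Please see attached.\nArchive  pass: 777\n",
    "Resending the file.\nArchive pass:  777\n",
    "The archive password is 777\n",  # new wording: not caught by PHRASE_RE
]

def extract_phrases(body):
    """Return matched phrases, lowercased with whitespace collapsed."""
    return [" ".join(m.split()).lower() for m in PHRASE_RE.findall(body)]

def hashbl_key(phrase):
    """Hex SHA-1 of the normalized phrase (assumed lookup hash)."""
    return hashlib.sha1(phrase.encode("utf-8")).hexdigest()

def query_name(phrase, zone=ZONE):
    """DNS name a lookup for this phrase would query."""
    return hashbl_key(phrase) + "." + zone

def build_entries(bodies, zone=ZONE, answer=ANSWER):
    """Map each distinct phrase's query name to (answer, phrase)."""
    entries = {}
    for body in bodies:
        for phrase in extract_phrases(body):
            entries[query_name(phrase, zone)] = (answer, phrase)
    return entries

if __name__ == "__main__":
    for name, (answer, phrase) in sorted(build_entries(SAMPLES).items()):
        print(name, "A", answer, "#", phrase)
```

The fourth sample produces no entry: a hash list only matches phrases the extraction regex already recognizes, so new wordings still need a regex update even though new passwords only need a new hash.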