Blocking cannibalized spam/virus mail with password-protected attachments

Marco falon at
Fri Jul 2 13:40:46 CEST 2021

Il 22/12/2020 09:39, Nikolaos Milas has written:
> On 22/12/2020 10:24 π.μ., Nikolaos Milas wrote:
>> Can you please suggest ways in which we can configure amavis so as to 
>> recognize and drop this kind of mail?
> Another, probably better, approach would be to add to amavis a scan rule 
> like:
> If body contains text like:
>     Password archivio: XXXX
>     -or-
>     Archive pass: XXXX
>     [where XXXX is a 3- or 4-digit number]


  during many years I didn't find a valid solution yet.

If you write a rule, you should update the rule for every variant. They 
change frequently.

If you block the encrypted content some customer will complain.

I'm trying the bodyre hashbl rule approach: I hash the content ("pass: 
XXX") and I put it on a local DNSBL. It's easier for me.

Warm Regards


More information about the amavis-users mailing list