spamassassin-users mailing list archives

From Groach <groachmail-stopspammin...@yahoo.com>
Subject Re: Mailsploit
Date Wed, 13 Dec 2017 22:00:25 GMT


On 13/12/2017 21:38, Reindl Harald wrote:
>
>
> Am 13.12.2017 um 21:59 schrieb Groach:
>>>> Are there any suggestions on a rule or procedure to implement that will
>>>> help defend against the MAILSPLOIT type of spoofing?
>>> See https://marc.info/?l=spamassassin-users&m=151265708616825&w=2 and
>>> follow-ups?
>>
>> Thanks for that.
>>
>> I followed the thread you mentioned:  I see that 'Kevin' says he has
>> a rule in his personal KAM.cf and that there isn't anything published
>> in base spamassassin scores.  (Or am I missing something)?
>>
>> So how does one:
>>
>> a,  obtain KAM.cf  or
>> b,  decipher the mechanism which Kevin uses so that we can apply
>> something similar in our own local.cf
>
> and where is the problem with copying the few lines to local.cf
>
> header    __KAM_MAILSPLOIT1     From =~ /[\0]/
> describe  __KAM_MAILSPLOIT1     RFC2047 Exploit https://www.mailsploit.com/index
> header    __KAM_MAILSPLOIT2     From =~ /[\n]/
> describe  __KAM_MAILSPLOIT2     RFC2047 Exploit https://www.mailsploit.com/index
> tflags    __KAM_MAILSPLOIT2     multiple maxhits=2
> meta      KAM_MAILSPLOIT        (__KAM_MAILSPLOIT1 || (__KAM_MAILSPLOIT2 >= 2))
> describe  KAM_MAILSPLOIT        Mail triggers known exploits per mailsploit.com
> score     KAM_MAILSPLOIT        6.0

No problem.  Of course I can do that but wanted to ask for other methods
too in case there was a more reliable way to check and update when Kevin
updates his rules (to benefit from his other offerings).
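
Added example, not part of the original thread and not code from KAM.cf or SpamAssassin: a Python sketch of the same check for use outside SpamAssassin (for instance when triaging stored mail), applying the quoted meta rule's thresholds to the RFC 2047-decoded From value. The function names, the `encoded_word` helper and the sample headers are assumptions constructed for illustration.

```python
import base64
from email.header import decode_header

def decode_from(raw_value):
    """Return the From value with RFC 2047 encoded-words decoded to text."""
    out = []
    for chunk, charset in decode_header(raw_value.strip()):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:          # unknown charset label
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def mailsploit_check(raw_value):
    """Apply the thresholds of the quoted KAM_MAILSPLOIT meta rule."""
    decoded = decode_from(raw_value)
    nul = "\0" in decoded                    # __KAM_MAILSPLOIT1
    newlines = min(decoded.count("\n"), 2)   # __KAM_MAILSPLOIT2, maxhits=2
    return {"nul": nul, "newlines": newlines, "hit": nul or newlines >= 2}

def encoded_word(payload):
    """Helper (hypothetical): build a base64 encoded-word for the samples."""
    return "=?utf-8?b?" + base64.b64encode(payload).decode("ascii") + "?="

# Constructed sample From values, not taken from real mail.
SAMPLES = {
    "plain": "Bob <bob@example.com>",
    "benign": encoded_word(b"Alice Example") + " <alice@example.com>",
    "nul": encoded_word(b"display\0name") + " <user@example.com>",
    "one_newline": encoded_word(b"line1\nline2") + " <user@example.com>",
    "two_newlines": encoded_word(b"line1\nline2\nline3") + " <user@example.com>",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, mailsploit_check(value))
```

The check runs on the decoded value because the control characters are carried inside the encoded-word and are not visible as such in the raw header text.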
