[CentOS] Detecting empty office doc containing virus macro

Fri Oct 30 03:59:30 UTC 2015
Always Learning <centos at u64.u22.net>

On Thu, 2015-10-29 at 20:37 +0000, Ned Slider wrote:

> Combining multiple simple rules in a meta
> rule is also a great way to detect many spams. If you can find 3 or 4
> factors specific to these spams (the more unique the better), combining
> them usually gives excellent results.


In Exim I score 1 for sending IP address having no reverse DNS
 (IP > Name > the same IP address)
I score 1 for HELO/EHLO not resolving to the sending IP address
I score 1 for a non-existent email address

3 = IP blocked for several months ***before*** downloading the email's

2 = Gets connection rejected ***before*** downloading the email's body.


Never accept email from home users' domain names like (here is just a


Don't be an idle victim of mail abuse. Fight back hard.


England, EU.      England's place is in the European Union.
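
The scoring described in the message above, sketched as an added Python example; it is not part of the original post and is not Exim configuration. The function names, the constructed DNS tables and mailbox list, and the "accept" outcome for scores of 0 or 1 are assumptions made for illustration.

```python
import socket

def ptr_names(ip):
    """Reverse lookup: IP -> list of names (empty when there is no PTR)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def a_records(name):
    """Forward lookup: name -> list of IPv4 addresses (empty on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def score(ip, helo, rcpt, valid_rcpts, ptr=ptr_names, fwd=a_records):
    """Return (points, reasons) for the three one-point checks in the post."""
    reasons = []
    # 1. IP > Name > the same IP address (forward-confirmed reverse DNS)
    if not any(ip in fwd(n) for n in ptr(ip)):
        reasons.append("no confirmed reverse DNS")
    # 2. The HELO/EHLO name must resolve to the sending IP address
    if ip not in fwd(helo):
        reasons.append("HELO does not resolve to sender IP")
    # 3. The recipient address must exist
    if rcpt.lower() not in valid_rcpts:
        reasons.append("non-existent recipient")
    return len(reasons), reasons

def decide(points):
    """3 and 2 follow the post; 'accept' for 0 or 1 is an assumption."""
    if points >= 3:
        return "block-ip"
    return "reject" if points == 2 else "accept"

# Constructed sample data (documentation address ranges, example domains)
PTR = {"192.0.2.10": ["mail.example.org"], "198.51.100.7": ["host7.example.net"]}
A = {"mail.example.org": ["192.0.2.10"], "host7.example.net": ["203.0.113.9"]}
USERS = {"alice@example.com"}

def check(ip, helo, rcpt):
    """Score one SMTP connection against the constructed tables above."""
    pts, why = score(ip, helo, rcpt, USERS,
                     ptr=lambda i: PTR.get(i, []), fwd=lambda n: A.get(n, []))
    return decide(pts), why
```

Calling `score()` without the `ptr` and `fwd` arguments uses the system resolver instead of the constructed tables.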