[CentOS] Detecting empty office doc containing virus macro
Always Learning
centos at u64.u22.net
Fri Oct 30 03:59:30 UTC 2015
On Thu, 2015-10-29 at 20:37 +0000, Ned Slider wrote:
> Combining multiple simple rules in a meta
> rule is also a great way to detect many spams. If you can find 3 or 4
> factors specific to these spam (the more unique the better), combining
> them usually gives excellent results.
Yep.
In Exim I score 1 for sending IP address having no reverse DNS
(IP > Name > the same IP address)
I score 1 for HELO/EHLO not resolving to the sending IP address
I score 1 for a non-existent email address
3 = IP blocked for several months ***before*** downloading the email's
body.
2 = Gets connection rejected ***before*** downloading the email's body.
+++
Never accept email from home user's domain names like (here is just a
few)
*airtelbroadband.in
*adsl.alicedsl.de
*dynamic.se.alltele.net
*alshamil.net.ae
*adsl.anteldata.net.uy
*aphie.info
*pools.arcor-ip.net
*static.arcor-ip.net
*as9105.com
*as13285.net
*as43234.net
Don't be an idle victim of mail abuse. Fight back hard.
--
Regards,
Paul.
England, EU. England's place is in the European Union.
More information about the CentOS
mailing list