Re: [tlug] precious memories

[lists@example.com]

On Tue, Aug 09, 2016 at 04:46:43PM -0700, steve wrote:
> This is a phish, right??

To software eyes it's quite obvious:

	Content analysis details:   (5.1 points, 5.0 required)

	 pts rule name              description
	---- ---------------------- --------------------------------------------------
	-0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at http://www.dnswl.org/, low
															trust
															[80.237.138.238 listed in list.dnswl.org]
	 3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
															[181.168.219.5 listed in zen.spamhaus.org]
	 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
															domains are different
	 0.0 HTML_MESSAGE           BODY: HTML included in message
	-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
															[score: 0.2394]
	 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
															[URIs: natrapatch.com]
	 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS

I've always had good success with spamassassin even when used on local
accounts and rarely see a phishing or spam mail unless I look into the
spam folder.  Maybe it would be beneficial to install it on @tlug.jp
mailing lists to get rid of this kind of stuff for good.

For the record, OpenBSD has a very nice spam daemon called spamd(8) [1]
which does not inspect message bodies but works with black, grey and
white lists. It would have caught on to the above phishing also. There
is a iptables port [2] but I'm not sure how well maintained it is.

--
[1] http://man.openbsd.org/OpenBSD-current/man8/spamd.8
[2] https://github.com/martinh/spamd-iptables