Another easier option is to use MD5/SHA1 hash-based signature.
The hash-based signatures shall not be used for text files, HTML and any other data that gets internally preprocessed before pattern matching.
1. Generate an MD5/SHA1 hash using sigtool on the suspicious file.
root@pmg:~/clamav#...
Is your Whitelist User rule higher priority than your spamassassin rules?
ntispam pmg-smtp-filter[1122710]: 1018EC63061C1852C20: accept mail to <xxxx@xxxxx> (A8572101DCD) (rule: Whitelist User)
If you are running PMG in production and it is essential, I recommend getting a commercial AV, as the detection rate should be better.
https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en
Just choose the right signature database based on the FP risk and also the update date. I notice some databases from sanesecurity are quite old and may not be up-to-date.
https://ftp.swin.edu.au/sanesecurity/...
ClamAV's default virus signatures are bad. Either use custom 3rd-party virus signatures or use a commercial AV like Avast.
https://sanesecurity.com/usage/signatures/
https://www.avast.com/en-my/business/products/linux-antivirus
Is your PMG using a public DNS like Google or Cloudflare? It will cause those 2 errors.
Setting PMG to use a local resolver/DNS server will solve the problem.
zen.spamhaus.org=127.0.0.[2..11]
If I'm not mistaken, if you set it as above, the DNSBL will only respond/reject on response codes 127.0.0.2 to 127.0.0.11 and ignore the others from spamhaus.org.
https://docs.iredmail.org/enable.dnsbl.html
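To make the return-code filter in that post concrete, here is an added example (not from the original post or from PMG/Postfix) that parses a `site=127.0.0.[a..b]` entry and decides whether a constructed DNSBL answer falls inside the accepted range. The sample answers are constructed; the `127.255.255.254` answer is the code Spamhaus returns when a lookup arrives via a public/open resolver, which is why a local resolver matters for DNSBL use.

```python
import re
from ipaddress import IPv4Address

# Constructed filter entry, in the same form as the post's example.
DNSBL_ENTRY = "zen.spamhaus.org=127.0.0.[2..11]"

# Constructed DNSBL answers for a lookup against the entry above (no real hosts queried).
# 127.255.255.254 is what Spamhaus answers when the query came through a public/open resolver.
SAMPLE_ANSWERS = {
    "listed-spam": "127.0.0.2",
    "listed-css": "127.0.0.3",
    "listed-pbl": "127.0.0.10",
    "outside-range": "127.0.0.12",
    "open-resolver-error": "127.255.255.254",
}

_RANGE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.\[(\d+)\.\.(\d+)\]$")


def parse_dnsbl_entry(entry: str) -> tuple[str, IPv4Address, IPv4Address]:
    """Split 'site=pattern' into (site, low, high).

    Supports a plain address (low == high) or the '[a..b]' form for the last octet.
    """
    site, _, pattern = entry.partition("=")
    if not pattern:
        # No filter given: any 127.0.0.0/8 answer counts as listed.
        return site, IPv4Address("127.0.0.0"), IPv4Address("127.255.255.255")
    m = _RANGE.match(pattern)
    if m:
        o1, o2, o3, lo, hi = m.groups()
        return site, IPv4Address(f"{o1}.{o2}.{o3}.{lo}"), IPv4Address(f"{o1}.{o2}.{o3}.{hi}")
    addr = IPv4Address(pattern)
    return site, addr, addr


def answer_matches(entry: str, answer: str) -> bool:
    """True if the DNSBL answer is inside the range accepted by the entry's filter."""
    _site, low, high = parse_dnsbl_entry(entry)
    return low <= IPv4Address(answer) <= high


def classify_answers(entry: str, answers: dict[str, str]) -> dict[str, bool]:
    """Apply the filter to each constructed answer; True means 'treat as listed/reject'."""
    return {label: answer_matches(entry, ip) for label, ip in answers.items()}


if __name__ == "__main__":
    for label, hit in classify_answers(DNSBL_ENTRY, SAMPLE_ANSWERS).items():
        print(f"{label:20s} -> {'reject' if hit else 'ignore'}")
```

Running it shows the 127.0.0.2 to 127.0.0.11 answers being rejected while 127.0.0.12 and the open-resolver error code are ignored, which is the behaviour the post describes.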
For those using Windows, try the PowerShell script below with ClamWin. It works using the portable version.
PS C:\Users\ED\Downloads> $data2 = cat yt-dlp.exe | C:\Users\ED\Downloads\ClamWinPortable\App\clamwin\bin\sigtool --hex-dump
PS C:\Users\ED\Downloads> echo $data2.substring(0,2048)...
DNSBL will not work if the sender server (185.41.154.171) is not blacklisted.
Again, it is important to set up a local resolver/DNS service if you are using DNSBL.
I think the main issue is RCVD_IN_DNSWL_HI(-5).
If you notice many false positives from this SA score, try modifying the default -5 score...
PMG uses ClamAV as the default AV engine for virus scanning, and the default detection rate is bad.
Besides adding custom 3rd-party signature databases, let's try creating your own custom signature database using ClamAV's sigtool.
1. Use sigtool to hex dump the first 2KB output of the suspicious file to the...