Search results

Try who object -> domain sendgrid.darwinbox.in. But I am not sure it is a good idea as the email from xyz.com are relaying through sendgrid.

Are you refering to Who object? If yes, it refer to Return-Path: header on your mail.

Try this. Btw, custom scores is to adjust spamassassin default rule score. body LOCAL_RULE /7amada/i

Try out policyd-rate-limit https://github.com/nitmir/policyd-rate-limit

show me your /etc/mail/spamassassin/custom.cf

Refer this https://forum.proxmox.com/threads/what-object-rule-to-match-a-word-in-mail-content.112820/post-487196

For email body, use spamassassin custom rules. https://forum.proxmox.com/threads/what-object-rule-to-match-a-word-in-mail-content.112820/post-487196

Example, from and subject header in what object.

@InGenetic, pls provide the spam mail in raw format.

Who object -> regular expression. Then create a mail filter rules using the object to block/quarantine email.

Another easier option is to use MD5/SHA1 hash-based signature. The hash-based signatures shall not be used for text files, HTML and any other data that gets internally preprocessed before pattern matching. 1. Genereite MD5/SHA1 hash using sigtool on the suspicious file. root@pmg:~/clamav#...

Is your Whitelist User rule higher priority than your spamassassin rules? ntispam pmg-smtp-filter[1122710]: 1018EC63061C1852C20: accept mail to <xxxx@xxxxx> (A8572101DCD) (rule: Whitelist User)

If you are running PMG in production and it is essential, recommend to get commercial AV as the detection rate should be better. https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml?lg=en

Just choose the right signature database based on the FP risk and also the update date. I notice some database from sanesecurity is quite old and may not be up-to-date. https://ftp.swin.edu.au/sanesecurity/...

ClamAV's default virus signature is bad. Either use custom 3rd party virus signature or use commercial AV like Avast. https://sanesecurity.com/usage/signatures/ https://www.avast.com/en-my/business/products/linux-antivirus

Are your PMG using public DNS like google or cloudflare? It will cause those 2 error. Set PMG to use a local resolver/DNS server will solve the problem.

zen.spamhaus.org=127.0.0.[2..11] If not mistaken, if you set as above, the dnsbl will only response/reject response code 127.0.0.2 to 127.0.0.11 and ignore others from spamhaus.org. https://docs.iredmail.org/enable.dnsbl.html

Should be this one http://www.postfix.org/postconf.5.html#smtpd_helo_required

PMG use postfix, check out postfix documentation. https://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

For those using windows, try below powershell script with clamwin. It work using the portable version. PS C:\Users\ED\Downloads> $data2 = cat yt-dlp.exe | C:\Users\ED\Downloads\ClamWinPortable\App\clamwin\bin\sigtool --hex-dump PS C:\Users\ED\Downloads> echo $data2.substring(0,2048)...