Micah Anderson wrote:
> I keep getting hit by phishing attacks, and they aren't being stopped by
> anything I've thrown up in front of them:
>
> postfix is doing:
> reject_rbl_client b.barracudacentral.org,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client list.dsbl.org,
>
> I've got clamav pulling signatures updated once a day from sanesecurity
> (phishing, spam, junk, rogue), SecuriteInfo (honeynet, vx,
> securesiteinfo) and Malware Black List, MSRBL (images, spam).
>
> I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand
> pulls in the 25_uribl.cf automatically, right? Or do I need to configure
> that? if its automatic, that pulls in SURBL phishing). I've got Botnet
> setup, PDFinfo and postcards, i'm using DCC and a bayesdb, i've got the
> hashcash, and SPF plugins loaded, imageinfo, pretty much everything I
> can think of....but for some reason phishing attempts keep getting
> through.
>
> Sadly, I do not have an example I can share at the moment, as I
> typically delete them in a rage after training my bayes filter on
> them. However, I am looking for any suggestions of other things I can
> turn on... in particular, are there rules that people have created that
> look for certain keywords where the body is asking for your
> account/password information?
>
> Thanks for any ideas,
> micah
>
>

Report these and maybe they will add something that catches them. If one
wanted to, they can get any mail the want through your filters if they
are good and don't use things that trigger the rules.