[Rspamd-Users] Image spam
Tim Harman
tim at muppetz.com
Wed Apr 24 19:46:45 UTC 2019
On 23/04/2019 9:03 pm, Tim Harman via Users wrote:
> On 17/04/2019 9:51 pm, Bill Pye via Users wrote:
>> Hi all
>>
>> Does anyone have some insight what can be done, if anything, with the
>> current wave of bitcoin 'image' spam that's hitting our servers?
>
> The way I've dealt with it (with my single, small domain) is to
> realise that the "scam" uses a from: that's the same as the to:
> Because I have SPF, DKIM and a DMARC record that I'm happy with, I
> have set DMARC failure to p=reject;
>
> Then all I did was set the following in local.d/dmarc.conf
>
> actions = {
> quarantine = "add_header";
> reject = "reject";
> }
Just for anyone following along, putting
quarantine = "add_header";
In there was actually a dumb idea. The problem is that because it's a
prefilter, it will accept a mail and add a header to it, even if the
mail otherwise scores a 70! Accepting known spam seems silly, even if
it is still tagged with a Spam header.
So the better solution is just:
actions = {
reject = "reject";
}
More information about the Users
mailing list