[Rspamd-Users] Image spam

Bill Pye bill.pye at phoenix-systems.co.uk
Sun Jul 21 07:11:40 UTC 2019


Hi all

My apologies to everyone for the late reply to this thread, other matters got in the way. :)

Thanks for your replies. The one that seems to be working for me is the suggestion by Tim; I also have good DKIM, DMARC & SPF records and this seemed to be the easiest 'fix' for a non-coder. :)

Thanks again for everyone's input.

Regards


Bill

----- Original Message -----
> From: "Users" <users at lists.rspamd.com>
> To: "Users" <users at lists.rspamd.com>
> Cc: "Tim Harman" <tim at muppetz.com>
> Sent: Wednesday, 24 April, 2019 21:46:45
> Subject: Re: [Rspamd-Users] Image spam

> On 23/04/2019 9:03 pm, Tim Harman via Users wrote:
>> On 17/04/2019 9:51 pm, Bill Pye via Users wrote:
>>> Hi all
>>> 
>>> Does anyone have some insight what can be done, if anything, with the
>>> current wave of bitcoin 'image' spam that's hitting our servers?
>> 
>> The way I've dealt with it (with my single, small domain) is to
>> realise that the "scam" uses a from: that's the same as the to:
>> Because I have SPF, DKIM and a DMARC record that I'm happy with, I
>> have set DMARC failure to p=reject;
>> 
>> Then all I did was set the following in local.d/dmarc.conf
>> 
>> actions = {
>>   quarantine = "add_header";
>>   reject = "reject";
>> }
> 
> Just for anyone following along, putting
> 
> quarantine = "add_header";
> 
> In there was actually a dumb idea.  The problem is that because it's a
> prefilter, it will accept a mail and add a header to it, even if the
> mail otherwise scores a 70!  Accepting known spam seems silly, even if
> it is still tagged with a Spam header.
> 
> So the better solution is just:
> 
> actions = {
>   reject = "reject";
> }
> --
> Users mailing list
> Users at lists.rspamd.com
> https://lists.rspamd.com/mailman/listinfo/users

