[TAG] Re-Update Your Online Banking !
Rick Moen
rick at linuxmafia.com
Sat Jul 7 00:43:35 MSD 2007

Quoting Martin J Hooper (martinjh at blueyonder.co.uk):
> Wouldn't something like SpamAssassin work for filtering out the
> phishing?

As a SMOP, yes. ;-> (http://www.catb.org/jargon/html/S/SMOP.html)

As background:

The MTA (Exim) has a fairly elaborate set of rules used to check the
incoming SMTP stream prior to saying "200 OK" in the SMTP conversation
(rules including "callback" ones that check the delivering IP for
RFC-compliance). _Then_, if the stream passes those tests, and still
before Exim is willing to say "200 OK", Exim runs a system-wide
SpamAssassin check on the mail, and allows the mail through only if
SA-measured spamicity isn't too high.

Deferring the SA-checking until after the more-extensive Exim rules
is important for system performance, as Exim's engine is much lighter
and faster than SA's.

Anyhow, if someone can tackle the phishing exercises du jour and craft
appropriate rulesets for me, preferably that _don't_ also produce too
much collateral damage, I'll be glad to drop them in.

I'm not really good at writing those, myself -- and badly written SA
rules turn out to be a very nicely efficient way to make a mail server
fall over. I know this empirically, from having insouciantly grabbed a
bunch of rules from http://www.rulesemporium.com/rules.htm (and yes, I
did check them with spamassassin -D --lint), restarted spamd, and watched
spamd immediately eat all my RAM.

(I do play with SA settings, occasionally, I'm just saying I have to be
careful about it, given that it's a production system and I really hate
having to drop everything and deal with sudden emergencies.)
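
The check ordering described in the message above, sketched as an Exim ACL fragment. This is an added example, not part of the original post and not the poster's actual configuration; the specific verify conditions, the score threshold, the rejection messages and the spamd address are assumptions.

```exim
# Added illustration. Assumes Exim 4 built with content scanning and a
# local spamd; every value below is an assumption, not the poster's setup.

# --- main section ---
domainlist local_domains = @
spamd_address  = 127.0.0.1 783
acl_smtp_rcpt  = acl_check_rcpt
acl_smtp_data  = acl_check_data

begin acl

# Stage 1: cheap tests handled by Exim's own engine at RCPT time.
# Anything denied here never reaches SpamAssassin.
acl_check_rcpt:
  deny    message   = no usable reverse DNS for $sender_host_address
          !verify   = reverse_host_lookup

  # Callout: ask the sender's own MX whether it accepts the address.
  deny    message   = sender address could not be verified
          !verify   = sender/callout

  accept  domains   = +local_domains
          verify    = recipient

  deny    message   = relay not permitted

# Stage 2: the expensive test, run once per message after DATA and
# still before Exim gives its final OK, so a high score is refused
# inside the SMTP conversation rather than bounced later.
acl_check_data:
  # "nobody:true" always passes the spam condition itself and just
  # fills in $spam_score and $spam_score_int (the score times ten).
  deny    message   = message scored $spam_score SpamAssassin points
          spam      = nobody:true
          condition = ${if >{$spam_score_int}{100}{1}{0}}

  accept
```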