GraysonPeddie
Active Member
My Postfix server discards fraudulent e-mail when it comes to phishing attacks and Nigeria spammers, and the password recovery e-mail got caught and labeled by SpamAssassin and then discarded.
I've had to go into my Postfix server and comment out:
Code:
/FRAUD/ DISCARD
in /etc/postfix/header_checks.
I've had to request a password recovery a second time, but once I used KeePass2 for password management, I got it under control. So I checked to see what was going on:
Code:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    server1.graysonpeddie.com
X-Spam-Level:
X-Spam-Status: No, score=0.4 required=0.7 tests=FILL_THIS_FORM_FRAUD_PHISH,
    HTML_MESSAGE,T_FILL_THIS_FORM_SHORT autolearn=no version=3.3.2
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=209.59.172.71; helo=www.cocoontech.com; envelope-from=www-data(at)www.cocoontech.com; [email protected]
Received: from www.cocoontech.com (x.cocoontech.com [209.59.172.71])
    by graysonpeddie.com (Postfix) with ESMTP id 1289AE62767
I think what triggers FILL_THIS_FORM_FRAUD_PHISH is if there's no SPF or DKIM record for cocoontech.com. I checked your SPF record and there is none for cocoontech.com and x.cocoontech.com.
In my opinion, I really think it won't hurt to add an SPF record to a TXT record in your DNS provider's DNS settings.
I can add cocoontech.com to my SpamAssassin whitelist, but I don't think it will do any good if I see FILL_THIS_FORM_FRAUD_PHISH in my mail log even with a SpamAssassin score of -100. If anyone asked me, "Why am I making such a big deal out of this?", well, I could work around it by maybe taking out "/FRAUD/ OK" in my header check, since just about all the e-mails that are phishing-related will be blocked by the Barracuda or SORBS realtime blackhole lists. But if an e-mail were to slip through the RBLs, it can be checked by SpamAssassin, and if there's no SPF and I get an e-mail claiming to be from the bank (or maybe even CocoonTech), I'm pretty sure my spam filter will mark it with FILL_THIS_FORM_FRAUD_PHISH and can have Postfix discard it for me. So as far as you can tell, I am very tough against spam. Sometimes I can be too tough against spam and I may have to compromise my mail server just a tiny little bit.
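An added example, not part of the original post or the poster's configuration: a Python simulation of how a Postfix header_checks regexp such as /FRAUD/ is evaluated against the unfolded X-Spam-Status header quoted above, next to a narrower pattern that also requires a "Yes" verdict. The narrower pattern, the function names and the second sample header are assumptions made for illustration.

```python
import re

# Constructed sample: the folded SpamAssassin headers quoted in the post.
RAW_HEADERS = (
    "X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on\n"
    "\tserver1.graysonpeddie.com\n"
    "X-Spam-Level:\n"
    "X-Spam-Status: No, score=0.4 required=0.7 tests=FILL_THIS_FORM_FRAUD_PHISH,\n"
    "\tHTML_MESSAGE,T_FILL_THIS_FORM_SHORT autolearn=no version=3.3.2\n"
)
# Constructed sample: the same rule firing on a message SpamAssassin did flag.
FLAGGED = "X-Spam-Status: Yes, score=5.2 required=0.7 tests=FILL_THIS_FORM_FRAUD_PHISH autolearn=no version=3.3.2\n"

BROAD = [(r"FRAUD", "DISCARD")]  # the /FRAUD/ DISCARD line from the post
NARROW = [(r"^X-Spam-Status: Yes\b.*FRAUD", "DISCARD")]  # hypothetical alternative

def unfold(raw):
    """Join folded continuation lines; header_checks sees one logical header at a time."""
    logical = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        elif line:
            logical.append(line)
    return logical

def first_action(headers, rules):
    """Return (action, header) for the first matching rule, else (None, None)."""
    for header in headers:
        for pattern, action in rules:
            # Postfix regexp tables are case-insensitive by default.
            if re.search(pattern, header, re.IGNORECASE):
                return action, header
    return None, None

def spam_status(headers):
    """Parse verdict, score, threshold and rule names from X-Spam-Status."""
    pat = (r"X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+)\s+"
           r"required=(-?[\d.]+)\s+tests=(.*?)\s+autolearn=")
    for header in headers:
        m = re.match(pat, header)
        if m:
            tests = [t.strip() for t in m.group(4).split(",") if t.strip()]
            return {"verdict": m.group(1), "score": float(m.group(2)),
                    "required": float(m.group(3)), "tests": tests}
    return None

if __name__ == "__main__":
    hdrs = unfold(RAW_HEADERS)
    print(spam_status(hdrs))
    print("broad :", first_action(hdrs, BROAD)[0])
    print("narrow:", first_action(hdrs, NARROW)[0])
```

The broad pattern matches the rule name inside the header even though the verdict is "No" at 0.4 of 0.7, while the narrower one only acts once SpamAssassin has marked the message as spam.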