Spam email containing Hidden Text

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Spam email containing Hidden Text

jason hirsh
I have been noting an big increase in spam that contains html and images   One common feature is that these emails contain hidden text that only shows up when I look at the source

I found samples of this at http://www.hoax-slayer.com/hidden-text-spam.html

Right now I have been having some success by blocking a country , in the most common instance .eu, in the header checks

but can’t think of a body check to catch this when it spread further


I would appreciate any suggestions




Reply | Threaded
Open this post in threaded view
|

Re: Spam email containing Hidden Text

Nikolaos Milas
What software are you using?

For example, are you using amavisd-new, clamav, spam-assassin ?

...And additionally, postscreen (with dnsbl !), perhaps sane-security
(as part of clamav), fail2ban (to block repetiive unsuccessful
connections) etc. ?

Use sa-learn too!

Perhaps this is more an amavisd question rather than a postfix one!

All the best,
Nick

On 15/3/2014 5:35 μμ, jason hirsh wrote:

> I have been noting an big increase in spam that contains html and images   One common feature is that these emails contain hidden text that only shows up when I look at the source
>
> I found samples of this at http://www.hoax-slayer.com/hidden-text-spam.html
>
> Right now I have been having some success by blocking a country , in the most common instance .eu, in the header checks
>
> but can’t think of a body check to catch this when it spread further
>
>
> I would appreciate any suggestions
>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Spam email containing Hidden Text

Nikolaos Milas
On 15/3/2014 8:28 μμ, David Mehler wrote:

> Hello,
>
> I'm also interested in this. I'm using Postfix with DSpam and I would
> like to avoid this type of spam.
>
> Thanks.
> Dave.

Please, stay on the list.

 From experience, I'd advise to use an internal mail server as a final
destination, then setup at least one mailgateway for filtering your
incoming mail.

I don't know about DSpam or other software, we are using a solution as
the one I described.

You may find a lot of guides on the Internet for setting things up. For
example, on CentOS:

http://wiki.centos.org/HowTos/Amavisd
http://andrewpuschak.com/dokuwiki/doku.php?id=centos_6_email_server
http://nolabnoparty.com/en/secure-postfix-amavisd-clamav-spamassassin/

The links are simply indicative (from googling). As usual, YMMV...

All the best,
Nick
Reply | Threaded
Open this post in threaded view
|

Re: Spam email containing Hidden Text

jason hirsh
Sorry
I am using Postfix with Amasvid-new/spam assassin   and Dovecot

Over all doing pretty  good catching stuff   but this is combination is new to me and the only guides that discuss it seem to be trying to sell
a product
On Mar 15, 2014, at 3:10 PM, Nikolaos Milas <[hidden email]> wrote:

> On 15/3/2014 8:28 μμ, David Mehler wrote:
>
>> Hello,
>>
>> I'm also interested in this. I'm using Postfix with DSpam and I would
>> like to avoid this type of spam.
>>
>> Thanks.
>> Dave.
>
> Please, stay on the list.
>
> From experience, I'd advise to use an internal mail server as a final destination, then setup at least one mailgateway for filtering your incoming mail.
>
> I don't know about DSpam or other software, we are using a solution as the one I described.
>
> You may find a lot of guides on the Internet for setting things up. For example, on CentOS:
>
> http://wiki.centos.org/HowTos/Amavisd
> http://andrewpuschak.com/dokuwiki/doku.php?id=centos_6_email_server
> http://nolabnoparty.com/en/secure-postfix-amavisd-clamav-spamassassin/
>
> The links are simply indicative (from googling). As usual, YMMV...
>
> All the best,
> Nick