Sender Spoofing #1007
Comments
I just noticed that Outlook is also affected if someone uses multiple mailbox addresses in the Also this is not detected/flagged by SpamAssassin and is actively exploited in a current large virus campaign. Does someone have an idea on how to prevent that?
@Skywalker-11 update SpamAssassin to version 3.4.2; it now has a new plugin: Mail::SpamAssassin::Plugin::FromNameSpoof https://lists.gt.net/spamassassin/announce/211404 But the actually running malware campaign doesn't get detected by it; you need an additional custom SA rule like:
I know it's a bit harsh, but no FP so far. So the new SA plugin and a few custom SA rules should catch almost all of it.
For Debian Stretch, they uploaded SpamAssassin 3.4.2 this night.
That is so much simpler than
Hai, about that "From =~ …. " line, where do you place that, if I may ask? I also suggest getting the updated version of FromNameSpoof
then add:
And now it should do its work.
I put it in /etc/MailScanner/spamassasin.conf (symlink from /etc/spamassassin/MailScanner.cf)
Here is a new variant with base64 encoded from:
But the regex is still matching. ;)
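The multiple-address check discussed above, written out in Python as an added example (not code from this thread or from SpamAssassin): it decodes RFC 2047 encoded-words in the From value before counting angle-bracket addresses, and shows the pattern missing the raw base64 form while matching the decoded one. The `.*` quantifiers in the pattern, the function names and the sample headers are assumptions constructed for illustration.

```python
import base64
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Assumed reconstruction of the thread's MULTI_FROM_ADDRESS pattern.
MULTI_FROM = re.compile(r"^.*<.*@.*>.*<.*@.*>", re.I)
# One angle-bracket address, e.g. <user@example.com>.
ANGLE_ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")


def decode_from(raw):
    """Unfold a From value and decode RFC 2047 encoded-words."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    try:
        return str(make_header(decode_header(unfolded)))
    except (HeaderParseError, UnicodeError, LookupError):
        return unfolded  # undecodable: fall back to the raw text


def check_from(raw):
    """Report the angle-bracket addresses a From header carries."""
    decoded = decode_from(raw)
    return {
        "addresses": ANGLE_ADDR.findall(decoded),
        "raw_match": bool(MULTI_FROM.search(raw)),
        "decoded_match": bool(MULTI_FROM.search(decoded)),
    }


# Constructed sample headers (example.com / example.net are placeholders).
_hidden = base64.b64encode(b"Alice Example <alice@example.com>").decode()
SAMPLES = {
    "single": '"Alice Example" <alice@example.com>',
    "double": "Alice Example <alice@example.com> <mallory@example.net>",
    "encoded": f"=?UTF-8?B?{_hidden}?= <mallory@example.net>",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, check_from(value))
```

SpamAssassin `header` rules are evaluated against the decoded header unless the `:raw` modifier is used, which corresponds to the `decoded_match` result here.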
Hi, I just tried to update SpamAssassin for efa-project by using yum install spamassassin, and eFa told me that the newest version is installed (3.4.1). Is there a way to use header MULTI_FROM_ADDRESS From =~ /^.*<.*@.*>.*<.*@.*>/i with efa-project?
@hossmann234 eFa v4 is almost ready; otherwise you would need to compile 3.4.2 yourself on CentOS 6.
Hi, thanks shawniverson. On the homepage of eFa it told me eFa4 is coming soon; does anybody know when? It feels like it has been almost ready for a year.
@hossmann234 You can take a look here, but as far as doing it in a way that doesn't break something, I cannot speak to that. https://svn.apache.org/repos/asf/spamassassin/branches/3.4/INSTALL
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi folks!
Important information for mail users.
https://www.mailsploit.com/index
Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
Bugs were found in over 30 applications, including prominent ones like Apple Mail (macOS, iOS and watchOS), Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail, ProtonMail and others.
In addition to the spoofing vulnerability, some of the tested applications also proved to be vulnerable to XSS and code injection attacks.