[TriLUG] spamassassin on pilot, how to block a phishing e-mail
Joseph Mack NA3T via TriLUG
trilug at trilug.org
Wed Feb 19 10:14:21 EST 2020
On Wed, 19 Feb 2020, Joseph Mack NA3T via TriLUG wrote:
Replying to myself (and for anyone else in the same situation) ...
Presumably I'm to create my own .spamassassin file (I should have realised, I
needed to take initiative). However the FAQ gave me an alternative
https://trilug.org/wiki/Frequently_Asked_Questions#What_is_Sieve.3F
telling me to setup a .sieve file and directs you to Sieve documentation which
only gives complicated examples. I needed a .sieve equivalent of "hello world".
I found it in the RFC
https://www.ietf.org/rfc/rfc3028.txt?number=3028
Here's my first ~/.sieve file
require ["fileinto"];
if header :contains "from" "jmack at wm7d.net" {
fileinto "Junk";
#discard;
}
Here jmack at wm7d.net is another account I can send e-mail from, to simulate an
address sending spam. I sent e-mail from jmack at wm7d.net to my account on pilot,
the e-mail wound up in my .Junk directory, and biff notified me that I had
e-mail.
Notes:
o it didn't work till I logged out of pilot and logged back in. I don't know if
the logout/login was required, or I just happened to get the syntax of my .sieve
file right at the same time.
o a ~/.sieve.log is created which holds syntax errors in your ~/.sieve file.
Once my ~/.sieve file started working, there were no more updates to .sieve.log
o a ~/.sieve.svbin (binary) file is updated whenever sieve does something.
I then uncommented the discard option, and commented fileinto "Junk". Now I
didn't get notification of arrival of e-mail, there was no e-mail anywhere I
could find and ~/.sieve.svbin was updated.
I'll change the e-mail address to the phishing e-mail address and await next
week's robo e-mail. (If I remember, I'll let you know if it worked.)
If anyone wants to put this info in the FAQ, please go ahead.
Thanks to someone for install Sieve
Joe
> I get e-mail via my shell account on pilot.
>
> For the last 6 mo, I've been getting a weekly phishing e-mail, apparently
> sent
> by a robot. I'd like to block it. According to
>
> https://trilug.org/wiki/Frequently_Asked_Questions#Does_the_TriLUG_Mail_server_use_Spamassassin.3F
>
> I should have a ~/.spamassassin/user_prefs file, but I don't have a
> ~/.spamassassin/ directory.
>
> What should I do to start blocking the phishing e-mail?
>
> Thanks Joe
>
>
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant
map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG
mailing list