Spam, spam, spam
All of a sudden, the number of spam messages increased in the middle of the month, on 12-jun-2019:
These messages have a few things in common:
If not above rejection level (200) most are within the range of discarding (50-200) and the rest – except a few – are quarantined. But the number is quite large so I had to clean both containers a few times a day, otherwise they would fill up quite fast.
I couldn’t filter them easily, because the sender domains are very different, and so are the subjects. Since it looks like most messages are sent via protected.outlook.com (Office365?) it is not feasible to block that domain or the addresses…
Scanning on content is also a lot of work since each message would need to be decoded and examined. The only real solution is to check on what is in the headers, and what PMAS makes of it.
Luckily, it offers the ability to create your own rules and scores, combining different single rules to a more complex one, and adding the score to the total. So I added a number of rules:
so messages that match either of these criteria, are rejected anyway, and won’t take up diskspace.
Second, since I let PMAS check on SPF, I added rules for that as well; the sender has either no SPF records, of these cannot be found, that’s Ok, since this still is quite common. But if there is one, it should be the right address of that domain – the check should result in ‘pass’. Otherwise, it is not acceptable – but no reason (yet) to reject the message. Just add the score to the current state. If that is high already (likely to be spam), it will be rejected because of this:
Now it is a matter of monitoring (and adjusting)