Created
December 29, 2019 19:08
-
-
Save bmatthewshea/79876908eae1b51795a257f36fca5f7a to your computer and use it in GitHub Desktop.
Spamassassin Rule - AWS/Amazon Email Spoofing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add to end of /etc/spamassassin/local.cf | |
| # | |
| # AWS/amazon spoofing - simple check for dot appended on things like "console.aws.amazon.com.spoofdomain.com" (case insensitive) | |
| # XXXXXXXXXXXXXXXXXXXXXX^############### | |
| rawbody LOCAL_AWS_SPOOF1 /aws\.amazon\.com\./i | |
| describe LOCAL_AWS_SPOOF1 Fake AWS URL in body extra dot on domain | |
| score LOCAL_AWS_SPOOF1 10.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment