I just can't make this work reliably.. I'm trying to block a series of fake blackmail emails that hit my server, and SOMETIMES they get stopped, other times, not, and I dont understand why. I have content (body) filters: /spyware software developer/ /CVE-2018-0296/ Yet this email continues to slip through System seems to block 60-75% of this type of email, but I'm at a loss as to why the others are not. Hello, [snip] The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296). [snip]
Please do not publish spam emails here. Please edit your post and remove the email. To your problem, check the content of the email by viewing the source of the email in your email program, it might be that the actual text contains some HTML formatting which just makes it look like the content filter you are using but the actual email source is different.
You can post the actual message to a pastebin service for more help. Postfix body filters will quickly prove insufficient to parse anything more than the most basic cases, you'll probably need to write a spamassassin rule or even a clamavis signature.
