Anti-spear-phishing, round 2

Mark Sapiro mark at msapiro.net
Tue Jan 13 04:18:25 GMT 2009


On Mon, Jan 12, 2009 at 12:14:14PM +0000, Drew Marshall wrote:
> 
> I have now got as far as implementing this excellent feature but I
> have bumped into an interesting error.
> 
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions:  
> rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions:  
> rule anti_phish caused action store in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions:  
> rule anti_phish caused action header in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions:  
> rule anti_phish caused action "X-Anti-Phish: in message  
> 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions:  
> rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3  
> produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message  
> is being delivered
> 
> The SpamAssassin Rule Action that generated this log  
> is ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I  
> slightly changed the header in case there was a problem with the _TO_  
> special command, which has made no difference).
> 
> So what have I done wrong (the actual creation of the SA rule etc. is
> fine, as MailScanner is seeing the rule hit, as can be seen in the log)?



Jules has indicated that the parsing of these is 'delicate'. It looks
like the quotes are confusing it into thinking that there are two rules/
actions:

ANTI_PHISH=>not-deliver,store,header

and

X-Anti-Phish: Yes

Remove the quotes. I think that will fix it.
 

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
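
An added example, not part of the original post or of MailScanner: the log quoted above shows this misparse failing open, since a message that hit a not-deliver rule "is being delivered". The script below flags such messages in a log; its regexes are assumptions based only on the line formats quoted in this thread, and the second message ID is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the excerpt quoted in this thread, unwrapped to one
# entry per line, plus one constructed message that was handled normally.
SAMPLE_LOG = """\
Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3
Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action store in message 7FAB84BE3B4.94CF3
Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action header in message 7FAB84BE3B4.94CF3
Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action "X-Anti-Phish: in message 7FAB84BE3B4.94CF3
Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3
Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message is being delivered
Jan 12 10:59:02 in1-b MailScanner[78431]: SpamAssassin Rule Actions: rule anti_phish caused action not-deliver in message 0000000000A.00001
"""

RULE_ACTION = re.compile(
    r"SpamAssassin Rule Actions:\s+rule (\S+) caused action (.+?)\s+in message\s+(\S+)$")
ILLEGAL = re.compile(
    r"Message (\S+) produced illegal (.+?) Actions (.+?), so message is being delivered$")


def find_fail_open(log_text):
    """Return one finding per message delivered because its actions were rejected."""
    actions = defaultdict(list)   # message id -> [(rule, action), ...]
    findings = []
    for line in log_text.splitlines():
        m = RULE_ACTION.search(line)
        if m:
            rule, action, msg_id = m.groups()
            actions[msg_id].append((rule, action))
            continue
        m = ILLEGAL.search(line)
        if m:
            msg_id, kind, rejected = m.groups()
            seen = actions.get(msg_id, [])
            findings.append({
                "message": msg_id,
                "kind": kind,
                "rules": sorted({rule for rule, _ in seen}),
                # True when a rule asked for not-deliver but delivery happened anyway
                "wanted_block": any(a == "not-deliver" for _, a in seen),
                "rejected_tokens": re.findall(r'"([^"]*)"', rejected),
            })
    return findings


if __name__ == "__main__":
    for f in find_fail_open(SAMPLE_LOG):
        print(f)
```
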

