Anti-spear-phishing, round 2

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 13 08:47:39 GMT 2009


Upgrade to the latest version, I have fixed this problem already.

Please confirm that upgrading does indeed fix the problem for you, but I 
have just tried your exact rule and it worked just fine for me, and I 
have just upgraded to the latest too.

My guess would be that you have a version before 4.74.8?

Cheers,
Jules.

On 12/1/09 12:14, Drew Marshall wrote:
> On 6 Jan 2009, at 22:20, Julian Field wrote:
>
>> I have done a load of work on my script that uses the 
>> anti-spear-phishing addresses database.
>>
>> The main thing is now that it is pretty much a finished script, and 
>> is directly usable by you guys without you having to do much to it 
>> except read the settings at the top and tweak the filenames if you 
>> want to change where it puts things.
>
> Jules
>
> I have now got as far as implementing this excellent feature but I 
> have bumped in to an interesting error.
>
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: 
> rule anti_phish caused action not-deliver in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: 
> rule anti_phish caused action store in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: 
> rule anti_phish caused action header in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: 
> rule anti_phish caused action "X-Anti-Phish: in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: SpamAssassin Rule Actions: 
> rule anti_phish caused action Yes" in message 7FAB84BE3B4.94CF3
> Jan 12 10:58:25 in1-b MailScanner[78431]: Message 7FAB84BE3B4.94CF3 
> produced illegal Non-Spam Actions " Yes" "X-Anti-Phish:", so message 
> is being delivered
>
> The SpamAssassin Rule Action that generated this log is 
> ...ANTI_PHISH=>not-deliver,store,header "X-Anti-Phish: Yes" (I 
> slightly changed the header in case there was a problem with the _TO_ 
> special command, which has made no difference).
>
> So what have I done wrong (The actual creation of the SA rule etc is 
> fine as MailScanner is seeing the rule hit as can be seen in the log)?
>
> Drew
>
> -- 
> In line with our policy, this message has been scanned for viruses and 
> dangerouscontent by Technology Tiger's Mail Launder system 
> <www.mail-launder.com>
> Our email policy can be found at www.technologytiger.net/policy
>
> Technology Tiger Limited is registered in Scotland with registration 
> number: 310997
> Registered Office 55-57 West High Street Inverurie AB51 3QQ
>
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list