Phishing detection not updating email subject

Ryan Burchfield ryan at
Sun Apr 24 16:38:43 IST 2011

New user of MailScanner here and so far I like it. Very flexible and 

As part of my installation (v 4.83.5-1) I tested the phishing filters by 
crafting a bad link. The filters detect the bad link, insert the warning 
into the email and log the detection in my syslog. However, the subject 
of the offending email is not updated per my configuration.

I took a peak in and it appears to me that it is just an 
oversight from a past revision. In many places previous if conditions 
pertaining to phishing detection events have been replaced with new ones.


Here is the syslog snippet.
Apr 24 10:08:06 mail MailScanner[1079]: Virus and Content Scanning: Starting
Apr 24 10:08:06 mail sendmail[1089]: p3OF85U7001089: from=<____>, 
size=940, class=0, nrcpts=1, msgid=<____>, proto=ESMTP, daemon=MTA, 
Apr 24 10:08:06 mail dkim-filter[28250]: p3OF85U7001089: no signature data
Apr 24 10:08:16 mail MailScanner[1100]: Found phishing fraud from claiming to be in p3OF803K001087
Apr 24 10:08:16 mail MailScanner[1079]: Content Checks: Detected and 
have disarmed phishing tags in HTML message in p3OF803K001087 from ____
Apr 24 10:08:16 mail MailScanner[1079]: Uninfected: Delivered 1 messages
Apr 24 10:08:16 mail MailScanner[1079]: Deleted 1 messages from 

Here are the relevant conf sections. (Comments removed for brevity)
Phishing Modify Subject = start
Phishing Subject Text = {Phishing?}
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/

More information about the MailScanner mailing list