Tagging phishing emails
mailscanner at joolee.nl
Mon Aug 29 17:43:02 IST 2011
Yes, that would be MailScanner itself. I disabled the option because it
gives a lot of false positives.
Mailscanner checks the contents of anchor texts against their href. (<a
href="http://mybank.com.fake.com">https://mybank.com</a>) Problem is that
something like this also gets flagged: <a href="
http://groupon.com/action/987219837">Coupon worth $50 on booking.com for
When MailScanner detects something with this method and Spamassassin thinks
the E-mail is okay, the mail gets cleaned and delivered with all headers set
like nothing is wrong.
I've implemented a few simple rules in Spamassassin to detect https / http
replacements like above. Doesn't catch all the phishing but sure does a lot.
On 29 August 2011 18:21, Mauricio Tavares <raubvogel at gmail.com> wrote:
> On Mon, Aug 29, 2011 at 11:41 AM, Kristofer Pettijohn
> <kristofer at cybernetik.net> wrote:
> > Hello,
> > I have set up Mailscanner as a gateway box in front of my mailserver. I
> > have it adding a header to messages identified as Spam
> > "X-Organization-Spam-Flag: Yes". My mail server then parses the headers,
> > and if it sees that header it automatically filters it into my users'
> > folder.
> > I see messages that go through MailScanner where in the log it says
> > phishing fraud from", but it still passes SpamAssassin, so that flag
> > get set. MailScanner will clean and disarm the email, however. What I
> > would like is for MailScanner to leave the message alone, but also tag it
> > being spam. Basically I would like it to do that for all emails where it
> > finds phishing fraud.
> Correct me if I am wrong but wouldn't that mean a
> program/module/something other than spamassassin is handling the phishing
> > Is this possible?
> > Thanks!
> > Kris
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > Before posting, read http://wiki.mailscanner.info/posting
> > Support MailScanner development - buy the book off the website!
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner