Phishing filter

Scott Silva ssilva at sgvwater.com
Wed Jun 22 18:07:34 IST 2011


on 6/22/2011 8:14 AM Markus Nilsson spake the following:
> 
> ----- Ursprungligt meddelande -----
> 
>> Från: "Glenn Steen" <glenn.steen at gmail.com>
>> Till: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
>> Skickat: onsdag, 22 jun 2011 16:52:32
>> Ämne: Re: Phishing filter
> 
>> On 22 June 2011 09:40, Markus Nilsson < markus at markusoft.se > wrote:
> 
>>> Hi
>>
> 
>>> I'm looking into whitelisting all private subnets in the phishing
>>> filter, since we see quite a few mails with links within or
>>> intranet
>>> that are reported by the filter.
>>
> 
>>> Do you see any obvious disadvantages with this? If not I'll submit
>>> the patch to the list, and hope to get it included!
>>
> 
>>> It should be as simple as adding a few lines to
>>> InPhishingWhiteList:
>>
>>> return 1 if $linkurl =~ m/^192\.168\.\d+\.\d+$/;
>>
>>> etc
>>
> 
>> Why would you need a patch? IIRC there is a
>> "phishing.safe.sites.conf" file where you can add your
>> local/intranet servers. Should do the trick:-).
> 
>> Cheers!
>> --
>> -- Glenn
> 
> Because I have a lot of users using this setup, using links to different
> intranets. So I would want to whitelist the entire nets, to not need to
> maintain such a list. The current phishing.safe.sites only accepts
> left-hand-side wildcards (naturally) so I can't add the ranges there with
> less than specifying all addresses...
> 
> The change to the code above would be much easier since that effectively
> whitelists all private ranges.
> 
Not all private ranges.... how about 10.0.0.0/8 or 172.16.0.0/16?
Maybe a patch that allows subnets in the whitelist would be better?
Not that I would dare to write it.



More information about the MailScanner mailing list