ScamNailer False Positives
M A Young
m.a.young at durham.ac.uk
Wed Sep 12 11:19:09 IST 2012
On Tue, 11 Sep 2012, Dan H. Eicher wrote:
> I'm in the process of transitioning from:
> Solaris+amavisd+postfix+dovecot+procmail -to-
> Redhat 6.3+MailScanner+postfix+dovecot+procmail
>
> I thought I would try here, as sanesecurity points me to:
> scamnailer at ecs.soton.ac.uk - Julian Field for issues with Scamnailer.
>
> Almost all the emails I get from UFL's helpdesk are marked as:
> “ScamNailer.Phish.helpdesk_AT_ufl.edu.UNOFFICIAL” and quarantined.
You need to work out what ScamNailer is objecting to, also whether the
scamnailer version and the data you are working from is up to date.
If an address is listed incorrectly, I believe the scamnailer data
originates from http://code.google.com/p/anti-phishing-email-reply/ so you
could look there to get false positives and no-longer-positives removed
(Help Desk addresses can be used in spam so it might have been listed
legitimately).
Michael Young
More information about the MailScanner
mailing list