Highlight Phishing Fraud

[Shawn Iverson]

I would expect the second options to just leave the body alone and 
modify the subject, so I will run some tests and see why that is not 
happening.

On 9/6/22 17:34, mailscanner at 118119.se wrote:
> Hi,
> I've been testing the settings for Find Phishing Fraud and Highlight Phishing Fraud but can't really understand what the different settings do. I use a domain from phishing.bad.sites.conf included in my test e-mail to trigger the phishing filter. All other settings regarding filtering are set to default / standard MailScanner.conf.
>
> If I use these settings, the e-mail gets through with inline HTML added to the link and "{Disarmed}" in the subject line.
> Find Phishing Fraud = yes
> Highlight Phishing Fraud = yes
> Phishing Modify Subject = start
> Phishing Subject Text = {Fraud?}
>
> And when changing to these settings instead, the mail gets through with unaltered body and subject. I can't find any "Content Checks"-lines in the logs.
> Find Phishing Fraud = yes
> Highlight Phishing Fraud = No
> Phishing Modify Subject = start
> Phishing Subject Text = {Fraud?}
>
> It seems like both Find Phishing Fraud and Highlight Phishing Fraud has to be set to "yes" for the phishing filter to be activated at all? And I can't get the Phishing Subject Text to appear at all. I've only seen "{Disarmed}" added to the subject.
> I would like for the e-mail either be blocked in total or just have the subject line altered. Is any of that possible?
>
> Best regards, Jonas
>
>