Yes, that would be MailScanner itself. I disabled the option because it gives a lot of false positives.<br><br>Mailscanner checks the contents of anchor texts against their href. (<a href="<a href="http://mybank.com.fake.com">http://mybank.com.fake.com</a>"><a href="https://mybank.com">https://mybank.com</a></a>) Problem is that something like this also gets flagged: <a href="<a href="http://groupon.com/action/987219837">http://groupon.com/action/987219837</a>">Coupon worth $50 on <a href="http://booking.com">booking.com</a> for only $5!</a><br>
When MailScanner detects something with this method and Spamassassin thinks the E-mail is okay, the mail gets cleaned and delivered with all headers set like nothing is wrong.<br><br>I've implemented a few simple rules in Spamassassin to detect https / http replacements like above. Doesn't catch all the phishing but sure does a lot.<br>
<br><div class="gmail_quote">On 29 August 2011 18:21, Mauricio Tavares <span dir="ltr"><<a href="mailto:raubvogel@gmail.com">raubvogel@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">On Mon, Aug 29, 2011 at 11:41 AM, Kristofer Pettijohn<br>
<<a href="mailto:kristofer@cybernetik.net">kristofer@cybernetik.net</a>> wrote:<br>
> Hello,<br>
><br>
> I have set up Mailscanner as a gateway box in front of my mailserver. I<br>
> have it adding a header to messages identified as Spam<br>
> "X-Organization-Spam-Flag: Yes". My mail server then parses the headers,<br>
> and if it sees that header it automatically filters it into my users' "Junk"<br>
> folder.<br>
><br>
> I see messages that go through MailScanner where in the log it says "Found<br>
> phishing fraud from", but it still passes SpamAssassin, so that flag doesn't<br>
> get set. MailScanner will clean and disarm the email, however. What I<br>
> would like is for MailScanner to leave the message alone, but also tag it as<br>
> being spam. Basically I would like it to do that for all emails where it<br>
> finds phishing fraud.<br>
><br>
</div></div> Correct me if I am wrong but wouldn't that mean a<br>
program/module/something other than spamassassin is handling the phishing stuff?<br>
<div class="im"><br>
> Is this possible?<br>
><br>
> Thanks!<br>
> Kris<br>
><br>
</div>> --<br>
> MailScanner mailing list<br>
> <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
> <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
><br>
> Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
><br>
> Support MailScanner development - buy the book off the website!<br>
><br>
><br>
<font color="#888888">--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</font></blockquote></div><br>