1

Topic: Blocking URL in body

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8 MARIADB
- Deployed with iRedMail Easy or the downloadable installer?: Installer
- Linux/BSD distribution name and version: CentOS 7.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?: Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I added these lines to the bottom of /etc/mail/spamassassin/local.cf:

body        PHISHYGOO    /firebasestorage\.googleapis\.com/i
describe    PHISHYGOO    Block firebasestorage.googleapis.com URLs
score        PHISHYGOO    15.0

I restarted both amavisd and Postfix, and sent test messages containing links to this URL, but they all got through with no reference to this new rule in the headers.

Any suggestions for what I did wrong here?

Thanks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Blocking URL in body

Turn on debug mode in Amavisd (especially "sa_debug" parameter) to figure it out:
https://docs.iredmail.org/debug.amavisd.html

3

Re: Blocking URL in body

btw, googleapis.com is not phishing site.

4

Re: Blocking URL in body

Thanks. I've increased the log level for both Amavisd and Spamassassin. I'll do some tests and check the logs in the morning.

Yes, I understand that googleapis.com isn't supposed to be a phishing site, but their users are setting up phishing sites in their accounts, as happens on any other web hosting service.


Craig