MailScanner mailto: false positives

Posted: 13 Jul 2022 15:20
by max_of_tl
Hi,

I am getting false positives with bad URL for mailto: address links. An example:

Code:

MailScanner has detected a possible fraud attempt from "domain.com" claiming to be mailto:user@domain.com

The following was added to /etc/MailScanner/phishing.safe.sites.conf:

mailto:*
*.domain.com

This did not fix the false messages.

Does anyone know what might cause this?


Thanks guys,

Max

Re: MailScanner mailto: false positives

Posted: 13 Jul 2022 19:37
by max_of_tl
In the meantime,

In

Code:

/etc/MailScanner/MailScanner.conf

I changed:

Code:

Highlight Mailto Phishing = no

I did not notice this until just recently (after hacking around in Message.pm). This may be my solution.

Re: MailScanner mailto: false positives

Posted: 16 Jul 2022 19:08
by shawniverson
8-)

Re: MailScanner mailto: false positives

Posted: 09 Aug 2022 07:38
by pdwalker
max_of_tl wrote: 13 Jul 2022 15:20

Hi,

I am getting false positives with bad URL for mailto: address links. An example:

Code:

MailScanner has detected a possible fraud attempt from "domain.com" claiming to be mailto:user@domain.com

The following was added to /etc/MailScanner/phishing.safe.sites.conf:

mailto:*
*.domain.com

This did not fix the false messages.

Does anyone know what might cause this?


Thanks guys,

Max

According to phishing.safe.sites.conf:

# Add your custom Phishing safe sites to the
# phishing.safe.sites.custom file in your MailScanner
# directory. Note that phishing.safe.sites.conf is
# overwritten when ms-update-phishing is executed.

So I've added my entries into phishing.safe.sites.custom:

*.domain.com

and then I have run the ms-update-phishing command.

It works perfectly for me.

I do have to keep an eye on the messages coming in so I can update valid domain links sent on behalf of another party.