MailScanner mailto: false positives

Questions and answers about how to do stuff
Post Reply
max_of_tl
Posts: 15
Joined: 07 Jan 2021 18:47

MailScanner mailto: false positives

Post by max_of_tl »

Hi,

I am getting false positives with bad URL for mailto: address links. An example:

Code: Select all

MailScanner has detected a possible fraud attempt from "domain.com" claiming to be mailto:user@domain.com
The following was added to /etc/MailScanner/phishing.safe.sites.conf:

mailto:*
*.domain.com

This did not fix the false messages.

Does anyone know what might cause this?


Thanks guys ,

Max
max_of_tl
Posts: 15
Joined: 07 Jan 2021 18:47

Re: MailScanner mailto: false positives

Post by max_of_tl »

In the meantime,

In

Code: Select all

/etc/MailScanner/MailScanner.conf
I changed:

Code: Select all

Highlight Mailto Phishing = no
I did not notice this until just recently (after hacking around in Message.pm). This may be my solution.
User avatar
shawniverson
Posts: 3590
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: MailScanner mailto: false positives

Post by shawniverson »

8-)
User avatar
pdwalker
Posts: 1489
Joined: 18 Mar 2015 09:16

Re: MailScanner mailto: false positives

Post by pdwalker »

max_of_tl wrote: 13 Jul 2022 15:20 Hi,

I am getting false positives with bad URL for mailto: address links. An example:

Code: Select all

MailScanner has detected a possible fraud attempt from "domain.com" claiming to be mailto:user@domain.com
The following was added to /etc/MailScanner/phishing.safe.sites.conf:

mailto:*
*.domain.com

This did not fix the false messages.

Does anyone know what might cause this?


Thanks guys ,

Max
According to phishing.safe.sites.conf
# Add your custom Phishing safe sites to the
# phishing.safe.sites.custom file in your MailScanner
# directory. Note that phishing.safe.sites.conf is
# overwritten when ms-update-phishing is executed.
So I've added my entries into phishing.safe.sites.custom:
*.domain.com
and then I have run the ms-update-phishing command

It works perfectly for me.

I do have to keep an eye on the messages coming in so I can update valid domain links send on behalf of another party.
Post Reply