efa-project.org

Has anyone figured out how to whitelist KnowBe4 phishing tests? I am not sure where I would go about putting in the rules. They list spamassassin with some rules to put in but not sure where in EFA I would put those rules. Thanks in advance.


Phil

Try adding this in your local.cf. I don't use the knowbe4 service, but believe this should essentially be what you are asking for.

Add to /etc/mail/spamassassin/local.cf
header __KNOWBE4_1 X-Mailer =~ /KnowBe4/i
header __KNOWBE4_2 X-Sender =~ /\@kb4\.com/i
header __KNOWBE4_3 X-SenderBaseID =~ /knowbe4\.com/i
meta KNOWBE4_PHISH (__KNOWBE4_1 || __KNOWBE4_2 || __KNOWBE4_3)
score KNOWBE4_PHISH -100.0

Save the file, then run spamassassin --lint. If there is no output, means that the local.cf passes the test, then restart spamassassin - systemctl restart spamassassin Let me know how it goes.