Hi Mark,

Thanks for this. I went for the database clamd option in the end.
I don't imagine there's any difference. I want the phishing just added as spam viruses (which share the same header as normal spam), but I might split up phishing and spam viruses at some point.

It's all working now. Thanks for your explanation (and sorry for top posting).


Rich





-----Original Message-----
From: Mark Sapiro [mailto:mark at msapiro.net]
Sent: 23 July 2013 20:13
To: MailScanner discussion
Cc: Richard Mealing
Subject: Re: ScamNailer
First of all, see the thread that begins at<http://lists.mailscanner.info/pipermail/mailscanner/2013-June/100789.html>
and particularly, the patch in the post at <http://lists.mailscanner.info/pipermail/mailscanner/2013-June/100822.html>.

Otherwise you will be working with old data.
The bottom has a score for the rule 'SCAMNAILER'. The score is not important, but you need a 'SpamAssassin Rule Actions' rule or ruleset for it. See the documentation in MailScanner.conf around line 2551 starting with "# This next setting is very powerful."

In my case, I have

SpamAssassin Rule Actions = %rules-dir%/spamassassin_rule_actions.rules

and for the default rule I have

FromOrTo: default SCAMNAILER=>store,not-deliver,forward
user+phish at example.com,header "X-GPC-MailScanner-Originally-To: _TO_"

which will store the message in quarantine, not deliver it, forward it to user+phish at example.com and add the header
X-GPC-MailScanner-Originally-To: with the original envelope recipient to the forwarded message.