Discussion:
phishing.bad.sites.conf
Denis Beauchemin
2013-10-31 12:31:46 UTC
Hello,

I just found out that the phishing.bad.sites.conf contains www.facebook.com. This file is kept up to date by /usr/sbin/update_bad_phishing_sites.

Now who can remove www.facebook.com from the master file? If nobody can, I will have to stop the auto-update.

Thanks.

Denis
Randal, Phil
2013-10-31 13:26:26 UTC
Does adding it to phishing.safe.sites.conf have the required effect?

Phil


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it."
Denis Beauchemin
2013-10-31 13:41:54 UTC
Good idea! I will add it to the file right away.

Thanks.

Denis

Barry Callahan
2013-10-31 14:04:17 UTC
Uhh... yes. Yes, it contains www.facebook.com.
It also contains www.facebookprofileviewer.com

You should not be getting any legitimate emails from Facebook
originating from either of those machine names. The email should be
coming from a @facebookmail.com address. And chances are, the machine
handing it off to your server will be mx-out.facebook.com.

So, if you're getting email traffic claiming to come from
www.facebook.com.... I doubt it's legitimate.

#/*****************************\
#* Barry Callahan
#* Technologist
#* RJL Systems
#* phone: 1 586 790 - 0200 x112
#* 1 800 528 - 4513 x112
#* fax: 1 586 790 - 0205
#\*****************************/
Denis Beauchemin
2013-10-31 14:24:32 UTC
Barry,

The phishing.bad.sites.conf is used to flag URLs in emails. It is not uncommon to use www.facebook.com/SiteName in emails nor should it be flagged as a phishing attempt.

Denis

Barry Callahan
2013-10-31 14:54:44 UTC
.... except the phishing checks are applied against the BODY of the
email, not the headers.

Never mind. I need more coffee.

Sorry for lowering the SNR.
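
The following check is an added example, not part of the thread and not MailScanner code: after the auto-update runs, it reports any hostname from a local watchlist that has appeared in phishing.bad.sites.conf without a matching entry in phishing.safe.sites.conf. It assumes one hostname per line with optional "#" comments in all three files, that the safe list is the local override as suggested in the thread, and the watchlist file itself is hypothetical.

```shell
#!/bin/sh
# Added example, not MailScanner code. Assumes each list holds one hostname
# per line with optional "#" comments. The watchlist file is hypothetical:
# a local list of hostnames your users legitimately receive links to.
LC_ALL=C; export LC_ALL   # sort and comm must agree on ordering

# Strip comments and whitespace, lowercase, drop blank lines, sort uniquely.
normalise() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        tr 'A-Z' 'a-z' | grep -v '^$' | sort -u
}

# unsafe_listed BAD_FILE WATCH_FILE SAFE_FILE
# Prints every watchlist host that is in the bad list and not in the safe list.
unsafe_listed() {
    work=$(mktemp -d) || return 2
    normalise "$1" > "$work/bad"
    normalise "$2" > "$work/watch"
    normalise "$3" > "$work/safe"
    comm -12 "$work/bad" "$work/watch" | comm -23 - "$work/safe"
    rm -rf "$work"
}

# Command-line use, e.g. from cron after the updater has run:
#   check.sh phishing.bad.sites.conf watchlist.txt phishing.safe.sites.conf
if [ "$#" -eq 3 ]; then
    hits=$(unsafe_listed "$1" "$2" "$3")
    if [ -n "$hits" ]; then
        echo "bad-sites list now flags watched hosts without a safe-list entry:"
        echo "$hits"
        exit 1
    fi
fi
```

The non-zero exit status lets cron mail the report, so a false positive in the downloaded list is noticed without disabling the auto-update.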