body URL rewrite

Problems/questions regarding the MailCleaner configuration

Moderators: FlorianB, Pascal, bourgeois, mentor

fgarcia
Posts: 9
Joined: Tue Jul 07, 2015 10:45 am
How did you hear about Mailcleaner: google, articles about open source solutions

body URL rewrite

Postby fgarcia » Sat Jan 20, 2018 9:45 pm

Hi,
I have a terrible problem with phishing, my users receive periodically messages from phishers requesting their passwords for a lot of stupid reasons, most of these emails are blocked in mailcleaner, but some of them passed all filters and go to the users inbox... and users... users are users :(, when some of them send is password to the phisher they access to the user mailbox and use their account to send spam or another attacks. What I want is rewrite all the links in mails to redirect to a intermediate page with some recomendations before following the link, I have found this plugin for spamassassin:

https://spamassassin.apache.org/full/3. ... shTag.html

Autor page:
http://umut.topkara.org/PhishTag/

Seems like that is exactly what I need, but for some reason don't work, this is my config:

in local.cf
loadplugin PhishTag /usr/mailcleaner/share/spamassassin/plugins/PhishTag.pm
trigger_ratio 100
rawbody __HAS_LINK1 /a href/i
header __HAS_LINK2 To:addr =~ /fgarpe\@mytestnet\.net/i
meta HAS_LINK (( __HAS_LINK1 + __HAS_LINK2) > 1)
trigger_target HAS_LINK http://www.antiphishing.org/consumer_recs.html
describe HAS_LINK Has links for fgarpe
score HAS_LINK 0.1

I have this config in a test enviroinement, what I want in this moment is rewrite all the links that appear in all the emails that are sent to my address.
I can see in the headers of the received emails that the rules are applied correctly:

Spamc (score=-99.9, required=5.0,
RCVD_IN_MSPIKE_H3 -0.0, HAS_LINK 0.1, HTML_MESSAGE 0.0,
RCVD_IN_MSPIKE_WL -0.0, PHISHTAG_TOSS -100, RCVD_IN_DNSWL_NONE -0.0,
URIBL_BLOCKED 0.0)

in debug mode I see this in the spamd.log file:

Sat Jan 20 20:38:00 2018 [14208] dbg: PHISHTAG: Fulfilled http://www.antiphishing.org/consumer_recs.html
Sat Jan 20 20:38:00 2018 [14208] dbg: PHISHTAG: Decided to keep this email and point to http://www.antiphishing.org/consumer_recs.html
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: PRISTINE>>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] Content-Type: text/plain; charset="UTF-8"
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] http://www.mytestnet.net
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] mytestnet <http://www.mytestnet.net>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] Content-Type: text/html; charset="UTF-8"
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] <div dir="ltr"><div><a href="http://www.mytestnet.net">http://www.mytestnet.net</a><br><br></div><a href="http://www.mytestnet.net">mytestnet</a><br></div>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2--
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: PRISTINE>>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] Content-Type: text/plain; charset="UTF-8"
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] http://www.antiphishing.org/consumer_recs.html
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] mytestnet <http://www.antiphishing.org/consumer_recs.html>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] Content-Type: text/html; charset="UTF-8"
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] <div dir="ltr"><div><a href="http://www.antiphishing.org/consumer_recs.html">http://www.antiphishing.org/consumer_recs.html</a><br><br></div><a href="http://www.antiphishing.org/consumer_recs.html">mytestnet</a><br></div>
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...]
Sat Jan 20 20:38:01 2018 [14208] dbg: generic: [...] --001a113cdea028b1eb05633a55c2--

Seems like the plugin works... but in my inbox I see the original message, not the converted message :(

Can someone help me?

Return to “Configuration”

Who is online

Users browsing this forum: Bing [Bot] and 5 guests