[Pulling this conversation back on-list where I can misinform everyone
publicly]
On 22 Jan 2019, at 5:04, Ian Evans wrote:
On Tue, Jan 22, 2019 at 2:15 AM Bill Cole <
sausers-20150...@billmail.scconsult.com> wrote:
[snip]
Note that because the plugin is disabled by default, the default
ruleset
distributed via sa-update does not include a rule using the plugin
and
so you must define a rule as documented for the plugin to be used at
all.
One thing I'm not clear on:
a) do we need to add this to local.cf:
ifplugin Mail::SpamAssassin::Plugin::Phishing
phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
body URI_PHISHING eval:check_phishing()
describe URI_PHISHING Url match phishing in feed
endif
Yes. You may want to only use one of the two feeds, put the feed file(s)
in different places, or name the rule something other than URI_PHISHING,
but you need to have a body eval rule calling check_phishing() and the
path to at least one of the feeds specified.
and b) is that sufficient to "define a rule as documented for the
plugin to
be used at
all."
Yes.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole
