----- Original Message ----- From: "Kevin A. McGrail" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 05, 2004 6:37 PM Subject: Re: Phish Rule Question
> > I am trying to write a rule that helps catch phishing emails. These > emails > > do NOT have any url spoofing in them. They are pure and simple social > > engineering. > > Thanks for all the replies. I needed to use rawbody as was pointed out. > > The beta rule to try and catch phishing emails is up now in > http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf > > Feedback appreciated and it has a low score of 1.0 until I confirm more > about FPs. > > Regards, > KAM > Sorry if repeating, but I never got any answers to this: This newbie sees various posts like the above here on the list. These rules can be invoked by which of the following means: 1. Simply copying the .cf file to /etc/spamassassin (or the appropriate user dir)? 2. Cutting and pasting the rules directly to the local.cf file would work for the above KAM.cf, but I see other .cf files that don't directly contain regex rules etc. Are those invoked simply be their being in the /etc/mail/spamassassin dir with the local.cf file, or is some other step necessary to invoke them?
