Can't get rules to apply, being ignored?
Posted: 16 Oct 2013, 22:29
Hi, I hope someone can answer this pickle!
In the default MS config, the "Find Phishing Fraud" value was set to yes, but this caused an issue where our own outgoing mail to a customer got scary red text in their Email (from us) warning it's a phishing fraud! MS didn't like the link we used I guess.
In MS it says I can use a rules file for this setting, so I created a rules file and pointed the setting to "%rules-dir%/phish.scanning.rules".
I have run a bunch of tests using the original problem Email and having them send it to my Gmail. When I change the MS value to "no", the red text doesn't appear, that's normal. When I used a rules file and inside the rules file I simply put FromorTo: default no, the red text doesn't appear either, so I know the rules file is working (I think?).
Here is the problem, I just want our incoming mail scanning for phishing, NOT our outgoing, so I put entries like this in the rules file:
To: *@ourdomain yes
To: *@anotherdomain yes
FromorTo: default no
And with this setup, the red text still appears, as if the "To" entires are being ignored. I've resaved the file, made sure there were tabs between text, restarted services etc etc.
So basically, how can I used a rules file for phishing such that it only scans incoming mail?
Thanks!
In the default MS config, the "Find Phishing Fraud" value was set to yes, but this caused an issue where our own outgoing mail to a customer got scary red text in their Email (from us) warning it's a phishing fraud! MS didn't like the link we used I guess.
In MS it says I can use a rules file for this setting, so I created a rules file and pointed the setting to "%rules-dir%/phish.scanning.rules".
I have run a bunch of tests using the original problem Email and having them send it to my Gmail. When I change the MS value to "no", the red text doesn't appear, that's normal. When I used a rules file and inside the rules file I simply put FromorTo: default no, the red text doesn't appear either, so I know the rules file is working (I think?).
Here is the problem, I just want our incoming mail scanning for phishing, NOT our outgoing, so I put entries like this in the rules file:
To: *@ourdomain yes
To: *@anotherdomain yes
FromorTo: default no
And with this setup, the red text still appears, as if the "To" entires are being ignored. I've resaved the file, made sure there were tabs between text, restarted services etc etc.
So basically, how can I used a rules file for phishing such that it only scans incoming mail?
Thanks!