Use PhishTank and OpenPhish feeds with SpamAssassin on iRedMail and ISPConfig


SpamAssassin version 3.4.2 introduces two useful new modules: the Phishing and HashBL/EBL (Email Blocklist) modules. I have been able to use the Phishing module on Debian 10 with both the PhishTank and OpenPhish repositories.

Let’s see how to enable the module and configure it.

Open the /etc/spamassassin/local.cf file with a text editor such as vim or nano, and append the following content to the bottom of the file:

ifplugin Mail::SpamAssassin::Plugin::Phishing
phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
body URI_PHISHING eval:check_phishing()
describe URI_PHISHING Url match phishing in feed
endif

Now we need to download the signatures/feeds for the first time; this can be done with curl:

curl -L https://openphish.com/feed.txt -z /etc/mail/spamassassin/openphish-feed.txt -o /etc/mail/spamassassin/openphish-feed.txt
curl -L http://data.phishtank.com/data/online-valid.csv -z /etc/mail/spamassassin/phishtank-feed.csv -o /etc/mail/spamassassin/phishtank-feed.csv

Let’s create a cron job that runs hourly so that the signatures are always fresh:

cat <<'EOF' >/etc/cron.hourly/phishing
#!/bin/bash
# Refresh the OpenPhish and PhishTank feeds; -z only downloads when the remote copy is newer
curl -L https://openphish.com/feed.txt -z /etc/mail/spamassassin/openphish-feed.txt -o /etc/mail/spamassassin/openphish-feed.txt &> /dev/null
curl -L http://data.phishtank.com/data/online-valid.csv -z /etc/mail/spamassassin/phishtank-feed.csv -o /etc/mail/spamassassin/phishtank-feed.csv &> /dev/null
EOF
# run-parts only executes files that have the executable bit set
chmod +x /etc/cron.hourly/phishing
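
The curl commands above write straight onto the live feed files, so an HTTP error page or a rate-limit response saved by curl would replace a good feed. The script below is an added example, not part of the original post: it downloads to a temporary file, validates it, and only then renames it into place. The `--run` switch, the `MIN_LINES` threshold and the PhishTank header check are assumptions of this example.

```bash
#!/bin/bash
# Added example: fetch each feed to a temp file, validate it, then swap it in.
set -u
FEED_DIR="${FEED_DIR:-/etc/mail/spamassassin}"  # feed directory from local.cf
MIN_LINES="${MIN_LINES:-10}"                    # assumed sanity threshold

# OpenPhish: plain list, one http(s) URL per line; any other line rejects the file.
valid_openphish() {
    [ "$(wc -l < "$1")" -ge "$MIN_LINES" ] || return 1
    ! grep -qvE '^https?://[^[:space:]]+[[:space:]]*$' "$1"
}

# PhishTank: CSV whose header row starts with phish_id,url (assumed from the
# published online-valid.csv layout), followed by data rows.
valid_phishtank() {
    [ "$(wc -l < "$1")" -gt "$MIN_LINES" ] || return 1
    head -n 1 "$1" | grep -q '^phish_id,url,'
}

# Move temp file $1 over $2 only if validator $3 accepts it.
install_feed() {
    local tmp="$1" dest="$2" check="$3"
    if "$check" "$tmp"; then
        # mktemp creates mode 600; the scanner user must be able to read the feed
        chmod 644 "$tmp" && mv -f "$tmp" "$dest"  # rename is atomic within one filesystem
    else
        echo "rejected download for $dest, keeping previous copy" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Download URL $1 next to $2, then hand over to install_feed with validator $3.
update_feed() {
    local url="$1" dest="$2" check="$3" tmp
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # --fail: no body is saved on HTTP errors; -z: skip if not newer than $dest
    if curl -sSL --fail -z "$dest" -o "$tmp" "$url" && [ -s "$tmp" ]; then
        install_feed "$tmp" "$dest" "$check"
    else
        rm -f "$tmp"  # curl error or 304 Not Modified: existing feed is untouched
    fi
}

# "--run" is a hypothetical switch so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ]; then
    update_feed https://openphish.com/feed.txt "$FEED_DIR/openphish-feed.txt" valid_openphish
    update_feed http://data.phishtank.com/data/online-valid.csv "$FEED_DIR/phishtank-feed.csv" valid_phishtank
fi
```

Rejections are printed to stderr, so cron mails them instead of silently leaving a broken feed in place.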

Restart SpamAssassin

ISPConfig

systemctl restart spamd.service

I have raised a feature request on the ISPConfig repository because I think it would be a nice-to-have, link

iRedMail

In iRedMail there isn’t a spamd daemon running, because SpamAssassin is invoked by the Amavisd daemon:

systemctl restart amavis.service