interfasys
Verified User
You should use the SURBL modification and the extra clamav signatures if you want to catch the phishing emails. It works very well.2. This line
{<{$message_size}{100k}}
needs to be about ~100K larger than the size Outlook reports if you want SpamAssassin to scan it. Changing it from 100k to 200k would still skip the phishing messages that Outlook reports at 113k, 146k, 172k, 173k while it would start to scan the SBS messages that show 108k-115k. If I make it 300k, it scans the phishing messages as well. I don't understand why, but it was very repeatable.