Some of my users are receiving phishing mails that use a clever Google redirect trick. More or less its a message with link to
www.google.com/#btnI=blaahblaahblaah which then redirects to the site blaahblah.
I want to block any messages containing
www.google.com/#btnI= which I tried to do with custom spamassassin filter but it seems to be ignored and I am not sure if this an SME thing, spamassassin thing or my regex is wrong.
I added this to /etc/mail/spamassassin/local.cf
body BODY_REDIRECT_TRICK /www\.google\.com\/#btnI=/
score BODY_REDIRECT_TRICK 50
but it seems this is ignored or just wrong