Here is how I stop current PayPal fishing using postfix and body_checks:

- install postfix with pcre support
- add the folowing line in main.cf:
  body_checks = pcre:/etc/postfix/body_checks
- create the file /etc/postfix/body_checks with the following content

=====cut here=====
/href="http:[^>]+">https:\/\/www\.paypal\.com/ REJECT Rejected: PayPal Fishing
=====cut here=====

- reload postfix, you're done!



It's easy to understand, this kind of fishing ask the user to click on a false
link with a name starting with httpS but with a false href without ssl ;)