SpamAssassin local rules
Matt Kettler
mkettler at evi-inc.com
Mon Feb 26 23:44:28 CET 2007
John Schmerold wrote:
> Over the week-end, I populated the SpamAssassin local rules file with
> email addresses that tend to get marked as SPAM. These are messages I
> don't want to white list because I suspect they may be used by SPAMMERS.
>
> Anyone else try this? What should I worry about and address?
I use a lot of this kind of thing, although the scores I use are much smaller.
Generally I use them mostly to help me track various kinds of spam activity. I
can just grep my logs for rule hits.
I also use them to disqualify mail with certain phrases from the bayes autolearner.
That said, I see nothing wrong with doing stuff like this, but I would recommend
giving your rules a "trial run" at scores less than 0.5 for a week, check your
logs, then up the scores if they aren't hitting any nonspam.
>
> BTW: I get a bunch of SPAM that seems to be harvested from Whois - our
> old street address was Meramec - LOCAL__H_meramec is meant to deal with
> that issue, not sure why, but I also get SPAM with the word manchester
> on the subject line. The Meramec & Manchester spam are the only items
> that consistently come thru our filter.
>
> For the record, here's my
> /etc/mail/spamassassin/local.cf
>
> score LOCAL__geocities 2.2
> score LOCAL__H_horoscope 3.0
> score LOCAL__H_meramec 2.0
> score LOCAL__H_manchester 2.0
> score LOCAL__H_from_nfib -2.0
> score LOCAL__H_from_adweek -2.0
> score LOCAL__H_from_woodyswatch -2.0
>
> body LOCAL__geocities /geocities/i
> describe LOCAL__geocities Includes reference to geocities
Heh, learn something new every day. SA used to not handle things properly if the
score came before the rule.. apparently they changed that.
More information about the MailScanner
mailing list