[sclug] Spam Assassin now what

Patrick Kirk patrick at kirks.net
Sat Oct 25 09:05:43 UTC 2003


As an addition, I found that the default spamassassin ruleset is set up 
to accommodate people who receive a lot of html only email from hotmail 
users and people who genuinely like to receive a lot of shopping/'click 
here' type email from retailers, newsletters, etc.  If most of your 
email is text based and not from marketing departments, it's worth 
looking at adding these to your /etc/spamassassin/local.cf

# Detailed explanation at http://spamassassin.taint.org/tests.html

# 1. Google has only spam info on CacheFlowServer - Jan 27 2003
score RECEIVED_IDENT_CACHEFLOW 10
# 2. Who saves a web page to send an email? - Jan 27 2003
score HTML_COMMENT_SAVED_URL 2
# 3. Who puts tables into their emails? - Jan 27 2003
score HTML_TAG_EXISTS_TBODY 2
# 5. People using a unique id in links to track me - Feb 15 2003
score HTML_WEB_BUGS 4
# 6. HTML oddness - May 30 2003
score HTTP_EXCESSIVE_ESCAPES 5
score HTTP_CTRL_CHARS_HOST 5
score HTTP_ESCAPED_HOST 5
score OBFUSCATING_COMMENT 5
score BASE64_ENC_TEXT 5
# 7. Why would someone legitimately forge these headers? - Jan 27 2003
score FORGED_MUA_OUTLOOK 10
score FORGED_RCVD_TRAIL 10
score FORGED_AOL_RCVD 10
score FORGED_HOTMAIL_RCVD 10
score SEMIFORGED_HOTMAIL_RCVD 10
score FORGED_EUDORAMAIL_RCVD 10
score FORGED_YAHOO_RCVD 10
score FORGED_MX_HOTMAIL 10
score MISSING_MIMEOLE 5
# 8. Russian, Chinese and Korean spam. - Jan 27 2003
ok_locales              en
score CHARSET_FARAWAY 4
score CHARSET_FARAWAY_HEADERS 4
score HTML_CHARSET_FARAWAY 4
score MIME_CHARSET_FARAWAY 4
score UNDESIRED_LANGUAGE_BODY 4
score BODY_8BITS 4
# 9. Block all email from rbl-ed IP numbers - Jan 27 2003
score RCVD_IN_NJABL 4
score RCVD_IN_OSIRUSOFT_COM 4
score RCVD_IN_RFCI 4
score RCVD_IN_DSBL 4
score RCVD_IN_RELAYS_ORDB_ORG 4
score RCVD_IN_SBL 4
score RCVD_IN_ORBS 4
score RCVD_IN_OPM 4
score RCVD_IN_BL_SPAMCOP_NET 4
score RCVD_IN_RBL 4
score RCVD_IN_RSS 4
score RAZOR2_CHECK 4
score RAZOR_CHECK 4
# 10. Mailing list headers Bayes filtering so exclude them - April 12 2003
bayes_ignore_header ReSent-Date
bayes_ignore_header ReSent-From
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header Resent-Date
bayes_ignore_header Resent-From
bayes_ignore_header Resent-Message-ID
bayes_ignore_header Resent-Subject
bayes_ignore_header Resent-To
bayes_ignore_header X-Spam-Checker-Version
bayes_ignore_header X-Spam-Status



Chris Aitken wrote:

> I now see your problem.
> 
> You want to get spam assassin to learn on a non-local folder.
> 
> I reckon procmail is the way to go:
> 
> If you already have procmail running, then just add the following:
> 
> # X-Spam-Status -> Spam folder
> :0:
> * ^X-Spam-Status: Yes
> Spam
> 
> That will move all spam tagged email to a folder called Spam in your home
> directory.
> 
> Then you could run a nightly cron job.
> 
> Out of interest, why do you use POP?
> 
> It would only require periodic checking to see if it has had any false
> positives.
> 
> Any help
> 
> Chris
> 
> -----Original Message-----
> From: sclug-admin at sclug.org.uk [mailto:sclug-admin at sclug.org.uk]On
> Behalf Of Tim Sutton
> Sent: 13 June 2003 09:49
> To: Chris Aitken
> Cc: sclug at sclug.org.uk
> Subject: Re: [sclug] Spam Assassin now what
> 
> 
> Take 2:-)
> 
> Machine 1: (server)
> Sendmail
> Spamassassin
> Pop3
> _NOT_ using IMAP
> 
> Machine 2: (client)
> Kmail
> 
> So I have figured out how to filter my spamassassin mail based on the
> headers,
> what I would like to do is be able to train spamass. with spam accumulating
> on my client. I figured 1 way out already - I put all spam in 1 folder under
> kmail and then copy that folder onto the server and run sa-learn on that
> machine on the uploaded folder. I was wondering if there is a more elegant
> solution to this? Ideally  some way of bouncing spam that has not been
> detected by spamass back to the server and having it added to the spam
> filter.
> 
> Writing this, I figure, I could probably use procmail on the server to
> filter
> mail with a designated keyword in the subject into a folder called spam and
> then run sa-learn on it nightly using a cron job. But will my adding a
> keyword to the subject line mess up the learning algorithm of spamass?
> 
> Tim
> 
> On Friday 13 June 2003 9:02 am, Chris Aitken wrote:
> 
>>You obviously have spamassassin working, as you can see from your headers.
>>
>>Either use your MUA to check the headers and stick spam in a separate
>>folder or trash,
>>
>>or
>>
>>Use procmail to pre-filter it into folders on the IMAP server, or send to
>>/dev/null.
>>
>>I am a bit confused as to how you are running your mail server (from your
>>description). If you explain again (slower!!), I can probably help, as I
>>have just spent a month sorting this at work.
>>
>>Chris
>>
>>-----Original Message-----
>>From: sclug-admin at sclug.org.uk [mailto:sclug-admin at sclug.org.uk]On
>>Behalf Of Tim Sutton
>>Sent: 12 June 2003 23:37
>>To: sclug at sclug.org.uk
>>Subject: [sclug] Spam Assassin now what
>>
>>
>>Hi all
>>
>>Sorry I missed the meet last night. :-( I have just set up spamassassin on
>>my server which I collect my email from using kmail & pop. Now what? How do I
>>train it if my mailboxes are not left on the remote server using imap? I
>>see spamass is putting its own header lines into the emails I am receiving
>>which I presume means it is working. All the docs I looked at on the spam
>>assassin home page seem to be server configuration centric. How do I put
>>spamassassin to work from my client pc?
>>
>>TIA
>>
>>Tim
>>--
>>Get my public keys from:
>>
>>http://tim.suttonfamily.co.uk/modules.php?name=Content&pa=showpage&pid=2
>>
>>_______________________________________________
>>sclug mailing list
>>sclug at sclug.org.uk
>>http://www.sclug.org.uk/mailman/listinfo/sclug
>>
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
> 
> 

-- 

Best regards,


Patrick Kirk
Mobile: 07876 560 646
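
Added example (not part of Patrick's message and not SpamAssassin project code): a small Python audit of score overrides like the ones in the message, listing which rules reach the spam threshold on a single hit and so deserve a false-positive check first. It assumes the stock threshold of 5.0 has not been changed; the excerpt is constructed from lines in the message and the function names are hypothetical.

```python
import re

# Constructed excerpt: a few of the score lines from the message above.
LOCAL_CF = """\
# 1. Google has only spam info on CacheFlowServer
score RECEIVED_IDENT_CACHEFLOW 10
score HTML_COMMENT_SAVED_URL 2
score HTML_WEB_BUGS 4
score HTTP_ESCAPED_HOST 5
score  FORGED_HOTMAIL_RCVD 10
ok_locales              en
score CHARSET_FARAWAY 4
score RCVD_IN_SBL 4
score RAZOR2_CHECK 4
bayes_ignore_header X-Spam-Status
"""

THRESHOLD = 5.0  # assumption: stock required_hits, not overridden elsewhere

# Matches the single-value form used in the message ("score NAME n").
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+(-?\d+(?:\.\d+)?)\s*$")

def parse_scores(text):
    """Return {rule: score}; a later line for the same rule replaces an earlier one."""
    scores = {}
    for line in text.splitlines():
        m = SCORE_RE.match(line.split("#", 1)[0])
        if m:
            scores[m.group(1)] = float(m.group(2))
    return scores

def audit(scores, threshold=THRESHOLD):
    """Return (rules that tag mail on one hit, pairs of weaker rules that do)."""
    alone = sorted(r for r, s in scores.items() if s >= threshold)
    weak = sorted(r for r in scores if scores[r] < threshold)
    pairs = [(a, b) for i, a in enumerate(weak) for b in weak[i + 1:]
             if scores[a] + scores[b] >= threshold]
    return alone, pairs

def verdict(hits, scores, threshold=THRESHOLD):
    """Sum only the overridden rules in hits; rules not listed count as 0 here."""
    total = sum(scores.get(h, 0.0) for h in hits)
    return total, total >= threshold

if __name__ == "__main__":
    alone, pairs = audit(parse_scores(LOCAL_CF))
    print("tag on a single hit:", ", ".join(alone))
    print("weaker pairs that tag together:", len(pairs))
```

With these overrides every pair of the weaker rules also crosses 5.0, so a legitimate message that trips any two of them is tagged.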




