» IT tipps and howto's
Custom SpamAssassin Rules
Last Update: December 10 2010
SpamAssassin can be or is a very good way to fight spam. But there is one problem:
The rules are sometimes old, not updated anymore or they don't help you at all
(depending what kind of company you work for).
So when I first saw that SpamAssassin still lets through a lot of spam mails,
I went on the SARE Rules
Website. This site has some additional rules to download, but unfortunately
I read on the website that the "SARE Ninjas" are currently too busy
with their lives to update the website and the rules. I still use these rules,
I am not saying they're bad, but every serveradmin should consider writing your
own SpamAssassin rules -> and that's what I did.
I will update this cf file regularly, so you may want to redownload it or start
a wget from time to time. The filename will stay the same.You may either download
the file and store it with your other SpamAssassin cf files (usually in /usr/share/spamassassin)
or copy/paste the content of it into ~/.spamassassin/user_prefs.
-> Download 75_ckrules.cf <-
Please note, the spam scorings are pretty high. I used huge scorings for certain
words/expressions where I was sure that they're spam, at least the mails I observed
on my mailserver were like this. You may want to adjust that, depending on the
types of e-mails you receive.
Here are some notes for some of the rules (not necessarily updated, check
out the description rows in the 75_ckrules.cf file instead):
| Rule Name |
Description |
| CK_VIAGRA_MENTIONED |
Checks the body of the e-mail for the word "Viagra" |
| CK_LOTTERY_WINNING |
Checks the body for typical winning notification words |
| CK_CASINO_LOTTO |
Checks the body for typical Casino and/or Lotto words |
| CK_VIAGRA_SUBJECT |
Checks the subject for the word Viagra |
| CK_CIALIS_SUBJECT |
Checks the subject for the word Cialis |
| CK_DIVERS_SUBJECT |
Checks the subject for a whole bunch of words |
| CK_DIVERS_BODY |
Checks the body for a whole bunch of words |
| CK_ERECT_SUBJECT |
Checks the subject for words like erection |
| CK_SEX_SUBJECT |
Checks the subject for the word sex |
| CK_SUBJECT_COCK |
Checks the subject for the word cock |
| CK_SUBJECT_DICK |
Checks the subject for the word dick; this scoring is lower because Dick
could also be a name |
| CK_MEDICAL_SUBJECT |
Checks the subject for typical medical words |
| CK_MEDICAL_BODY |
Checks the body for typical medical words |
| CK_RAMADAN_SPAMS |
Checks the subject for Ramadan Greetings - there were tons of spams like
this in August 2009 |
| CK_STRONG_MENTIONED |
Checks the body for a combination of strong followed by another word (e.g.
health = strong health) |
| CK_BEST_MENTIONED |
Checks the body for a combination of best followed by another word (e.g.
health = best health) |
| CK_ONLINE_MENTIONED |
Checks the body for a combination of online followed by another word (e.g.
casino = online casino) |
| CK_FREE_MENTIONED |
Checks the body for a combination of free followed by another word (e.g.
casino = free casino) |
| CK_PHISHING_BEGGING |
Checks the body for typical phishing/begging words (my husband died and
I want you to transfer money...) |
| CK_INTERNET_CONNECT |
Checks the body for "You need to be connected to the Internet to
view and follow link". There are currently lots of spams going around
with this content (September 2009). |
| CK_DOMAIN_LISTING |
Checks the subject for "This is your Final Notice of Domain Listing".
A company which wants to charge you to list your domain - unnecessary list and half-illegal method. |
| CK_SPAM_ADDRESS |
Checks the sender e-mail address - if it matches add scoring. |
|
![[Valid RSS]](http://validator.w3.org/feed/images/valid-rss-rogers.png "Validate my RSS feed"){kind=small}