Custom SpamAssassin Rules
Last Update: December 10 2010
SpamAssassin can be or is a very good way to fight spam. But there is one problem: The rules are sometimes old, not updated anymore or they don't help you at all (depending what kind of company you work for).
So when I first saw that SpamAssassin still lets through a lot of spam mails, I went on the SARE Rules Website. This site has some additional rules to download, but unfortunately I read on the website that the "SARE Ninjas" are currently too busy with their lives to update the website and the rules. I still use these rules, I am not saying they're bad, but every serveradmin should consider writing your own SpamAssassin rules -> and that's what I did.
I will update this cf file regularly, so you may want to redownload it or start a wget from time to time. The filename will stay the same.You may either download the file and store it with your other SpamAssassin cf files (usually in /usr/share/spamassassin) or copy/paste the content of it into ~/.spamassassin/user_prefs.
Please note, the spam scorings are pretty high. I used huge scorings for certain words/expressions where I was sure that they're spam, at least the mails I observed on my mailserver were like this. You may want to adjust that, depending on the types of e-mails you receive.
Here are some notes for some of the rules (not necessarily updated, check out the description rows in the 75_ckrules.cf file instead):
|CK_VIAGRA_MENTIONED||Checks the body of the e-mail for the word "Viagra"|
|CK_LOTTERY_WINNING||Checks the body for typical winning notification words|
|CK_CASINO_LOTTO||Checks the body for typical Casino and/or Lotto words|
|CK_VIAGRA_SUBJECT||Checks the subject for the word Viagra|
|CK_CIALIS_SUBJECT||Checks the subject for the word Cialis|
|CK_DIVERS_SUBJECT||Checks the subject for a whole bunch of words|
|CK_DIVERS_BODY||Checks the body for a whole bunch of words|
|CK_ERECT_SUBJECT||Checks the subject for words like erection|
|CK_SEX_SUBJECT||Checks the subject for the word sex|
|CK_SUBJECT_COCK||Checks the subject for the word cock|
|CK_SUBJECT_DICK||Checks the subject for the word dick; this scoring is lower because Dick could also be a name|
|CK_MEDICAL_SUBJECT||Checks the subject for typical medical words|
|CK_MEDICAL_BODY||Checks the body for typical medical words|
|CK_RAMADAN_SPAMS||Checks the subject for Ramadan Greetings - there were tons of spams like this in August 2009|
|CK_STRONG_MENTIONED||Checks the body for a combination of strong followed by another word (e.g. health = strong health)|
|CK_BEST_MENTIONED||Checks the body for a combination of best followed by another word (e.g. health = best health)|
|CK_ONLINE_MENTIONED||Checks the body for a combination of online followed by another word (e.g. casino = online casino)|
|CK_FREE_MENTIONED||Checks the body for a combination of free followed by another word (e.g. casino = free casino)|
|CK_PHISHING_BEGGING||Checks the body for typical phishing/begging words (my husband died and I want you to transfer money...)|
|CK_INTERNET_CONNECT||Checks the body for "You need to be connected to the Internet to view and follow link". There are currently lots of spams going around with this content (September 2009).|
|CK_DOMAIN_LISTING||Checks the subject for "This is your Final Notice of Domain Listing". A company which wants to charge you to list your domain - unnecessary list and half-illegal method.|
|CK_SPAM_ADDRESS||Checks the sender e-mail address - if it matches add scoring.|
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Surveillance Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics PowerDNS GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB ELK Elasticsearch Containers Rancher Docker AWS Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu