Custom SpamAssassin Rules
Last Update: December 10 2010
SpamAssassin can be or is a very good way to fight spam. But there is one problem: The rules are sometimes old, not updated anymore or they don't help you at all (depending what kind of company you work for).
So when I first saw that SpamAssassin still lets through a lot of spam mails, I went on the SARE Rules Website. This site has some additional rules to download, but unfortunately I read on the website that the "SARE Ninjas" are currently too busy with their lives to update the website and the rules. I still use these rules, I am not saying they're bad, but every serveradmin should consider writing your own SpamAssassin rules -> and that's what I did.
I will update this cf file regularly, so you may want to redownload it or start a wget from time to time. The filename will stay the same.You may either download the file and store it with your other SpamAssassin cf files (usually in /usr/share/spamassassin) or copy/paste the content of it into ~/.spamassassin/user_prefs.
Please note, the spam scorings are pretty high. I used huge scorings for certain words/expressions where I was sure that they're spam, at least the mails I observed on my mailserver were like this. You may want to adjust that, depending on the types of e-mails you receive.
Here are some notes for some of the rules (not necessarily updated, check out the description rows in the 75_ckrules.cf file instead):
| Rule Name | Description |
| CK_VIAGRA_MENTIONED | Checks the body of the e-mail for the word "Viagra" |
| CK_LOTTERY_WINNING | Checks the body for typical winning notification words |
| CK_CASINO_LOTTO | Checks the body for typical Casino and/or Lotto words |
| CK_VIAGRA_SUBJECT | Checks the subject for the word Viagra |
| CK_CIALIS_SUBJECT | Checks the subject for the word Cialis |
| CK_DIVERS_SUBJECT | Checks the subject for a whole bunch of words |
| CK_DIVERS_BODY | Checks the body for a whole bunch of words |
| CK_ERECT_SUBJECT | Checks the subject for words like erection |
| CK_SEX_SUBJECT | Checks the subject for the word sex |
| CK_SUBJECT_COCK | Checks the subject for the word cock |
| CK_SUBJECT_DICK | Checks the subject for the word dick; this scoring is lower because Dick could also be a name |
| CK_MEDICAL_SUBJECT | Checks the subject for typical medical words |
| CK_MEDICAL_BODY | Checks the body for typical medical words |
| CK_RAMADAN_SPAMS | Checks the subject for Ramadan Greetings - there were tons of spams like this in August 2009 |
| CK_STRONG_MENTIONED | Checks the body for a combination of strong followed by another word (e.g. health = strong health) |
| CK_BEST_MENTIONED | Checks the body for a combination of best followed by another word (e.g. health = best health) |
| CK_ONLINE_MENTIONED | Checks the body for a combination of online followed by another word (e.g. casino = online casino) |
| CK_FREE_MENTIONED | Checks the body for a combination of free followed by another word (e.g. casino = free casino) |
| CK_PHISHING_BEGGING | Checks the body for typical phishing/begging words (my husband died and I want you to transfer money...) |
| CK_INTERNET_CONNECT | Checks the body for "You need to be connected to the Internet to view and follow link". There are currently lots of spams going around with this content (September 2009). |
| CK_DOMAIN_LISTING | Checks the subject for "This is your Final Notice of Domain Listing". A company which wants to charge you to list your domain - unnecessary list and half-illegal method. |
| CK_SPAM_ADDRESS | Checks the sender e-mail address - if it matches add scoring. |
