Header RSS Feed
 
» IT tipps and howto's

Custom SpamAssassin Rules

Last Update: December 10 2010

SpamAssassin can be or is a very good way to fight spam. But there is one problem: The rules are sometimes old, not updated anymore or they don't help you at all (depending what kind of company you work for).

So when I first saw that SpamAssassin still lets through a lot of spam mails, I went on the SARE Rules Website. This site has some additional rules to download, but unfortunately I read on the website that the "SARE Ninjas" are currently too busy with their lives to update the website and the rules. I still use these rules, I am not saying they're bad, but every serveradmin should consider writing your own SpamAssassin rules -> and that's what I did.

I will update this cf file regularly, so you may want to redownload it or start a wget from time to time. The filename will stay the same.You may either download the file and store it with your other SpamAssassin cf files (usually in /usr/share/spamassassin) or copy/paste the content of it into ~/.spamassassin/user_prefs.

-> Download 75_ckrules.cf <-

Please note, the spam scorings are pretty high. I used huge scorings for certain words/expressions where I was sure that they're spam, at least the mails I observed on my mailserver were like this. You may want to adjust that, depending on the types of e-mails you receive.

Here are some notes for some of the rules (not necessarily updated, check out the description rows in the 75_ckrules.cf file instead):

Rule Name Description
CK_VIAGRA_MENTIONED Checks the body of the e-mail for the word "Viagra"
CK_LOTTERY_WINNING Checks the body for typical winning notification words
CK_CASINO_LOTTO Checks the body for typical Casino and/or Lotto words
CK_VIAGRA_SUBJECT Checks the subject for the word Viagra
CK_CIALIS_SUBJECT Checks the subject for the word Cialis
CK_DIVERS_SUBJECT Checks the subject for a whole bunch of words
CK_DIVERS_BODY Checks the body for a whole bunch of words
CK_ERECT_SUBJECT Checks the subject for words like erection
CK_SEX_SUBJECT Checks the subject for the word sex
CK_SUBJECT_COCK Checks the subject for the word cock
CK_SUBJECT_DICK Checks the subject for the word dick; this scoring is lower because Dick could also be a name
CK_MEDICAL_SUBJECT Checks the subject for typical medical words
CK_MEDICAL_BODY Checks the body for typical medical words
CK_RAMADAN_SPAMS Checks the subject for Ramadan Greetings - there were tons of spams like this in August 2009
CK_STRONG_MENTIONED Checks the body for a combination of strong followed by another word (e.g. health = strong health)
CK_BEST_MENTIONED Checks the body for a combination of best followed by another word (e.g. health = best health)
CK_ONLINE_MENTIONED Checks the body for a combination of online followed by another word (e.g. casino = online casino)
CK_FREE_MENTIONED Checks the body for a combination of free followed by another word (e.g. casino = free casino)
CK_PHISHING_BEGGING Checks the body for typical phishing/begging words (my husband died and I want you to transfer money...)
CK_INTERNET_CONNECT Checks the body for "You need to be connected to the Internet to view and follow link". There are currently lots of spams going around with this content (September 2009).
CK_DOMAIN_LISTING Checks the subject for "This is your Final Notice of Domain Listing". A company which wants to charge you to list your domain - unnecessary list and half-illegal method.
CK_SPAM_ADDRESS Checks the sender e-mail address - if it matches add scoring.


Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

6979 Days
until Death of Computers
Why?