Writing Spamassassin custom rules |
If you need to write custom rules to spamassassin and trere are a few of them. For example, you want to get rid of some spam which goes through spamassassin and mail's score almost reaches score, to be marked as spam. Simply add rules to /etc/mail/spamassassin/local.cf
For example:
body PASTAS_OPT /Re.move y.ur e.mail:/i
score PASTAS_OPT 1
describe PASTAS_OPT E-mail removal obfuscated
In example there is rule PASTAS_OPT which adds score 1 to e-mail if there is obfuscated sentence in message body Remove your email. The dot symbol match any character (except newline), so sentences like "Re-move y our e~mail:" will be found, and score will be increased. Symbol "i" means that sentence (string) is case insensitive. All rules are written in perl regexp form. More abour regexps you can find here: http://www.perl.com/doc/manual/html/pod/perlre.html Do not add big scores to one rule. Better write more rules with smaller score. After custom spmassassin rules are written, check for correct syntax:
spamassassin --lint
OR
spamassassin -D --lint for more info on errors
However spammers find more and more typos and methods of obfuscation to bypass such rules. So I recommend you to use Rules Du Jour and sa-update scripts. There are both in gentoo portage. Allso when you get spam, send those spam mails to your mail server (in examle /tmp/spam/) and train spamassassin's bayesian filter:
sa-learn --spam /tmp/spam/*
Allso it is important to train bayesian filter with good e-mails. Upload good emails to server (in examle /tmp/ham/) and train filter, showing how good mails looks like:
sa-learn --ham/tmp/ham/*
Finaly, restart spamd or amavisd (depends on your mail/antispam configuration)