Free tech support / small logo


How do I add custom SpamAssassin rules for content filtering?

Dave, using SpamAssassin, how do I proceed with content filtering? I want to block 15 words that can appear in the email being sent to me. I already have SpamAssassin set up on my Linux system, I just need to figure out how to configure the rules file properly!
Dave's Answer:

While I'm also a big fan of SpamAssassin, I'm the first to admit that the rules can be more than a bit confusing, and when you have a bad rule, odd things can occur, especially if you don't actually test your rules before you install them.

But let's start at the beginning...

Your local SpamAssassin rules should be stored in a file called /etc/mail/spamassassin/local.cf if you want the rules applied to every user on the system, or ~/.spamassassin/user_pref if you want to have them only apply to your own email. All rules have three components:

  • The rule itself
  • A 2-5 word description of the rule for SpamAssassin reports (optional),
  • A commensurate scoring for the rule if matched
As a simple example, here's a rule that applies against the body of messages that are being filtered: 
body        NO_VIOXX    /vioxx/i
score       NO_VIOXX   10
description NO_VIOXX   messages that contain the word Vioxx
In this case, any message that contains "Vioxx" (without regard to the mix of upper and lower case, which is what the 'i' accomplishes in the pattern) will be given a score of +10, which might by itself make this an undelivered spam message (it actually depends on what threshold you specify in your configuration file).

Having shown that, I use rawbody rather than body so that it catches words that appear in HTML formatted messages and messages with base64 or any other encoding scheme. Here are two actual rules from my own SpamAssassin rule set: 

rawbody BECAUSE_OPTIN           /because you opted-in/i
score   BECAUSE_OPTIN           5.0

rawbody DEALSMINUTE             /dealsbytheminute/i
score   DEALSMINUTE             5.0
The first thing you'll notice is that I don't bother with the description field. I just try to use sufficiently mnemonic rule names.

Don't be fooled into thinking that you can only match rules and have things be more spammy. You can do the opposite instead, as shown here: 

header  ITS_DEREK               ALL =~ /derek\@farmprints.com/i
score   ITS_DEREK               -100
Finally, you can also reassign the scoring of built-in rules too, by simply restating the score: 
score   SUBJ_FREE_CAP           4.0
score   FREE_PREVIEW            4.0
score   HTTP_ESCAPED_HOST       4.0
Finally, don't forget to always run the command 
spamassassin --lint
immediately after editing your configuration file to ensure that you haven't introduced any errors or typos into the ruleset!

If you'd still like more information on SpamAssassin, a good place to go is SpamAssassin Rule Help, and you can always pop over to the SpamAssassin site itself.




Categorized: Unix and Linux Help   (Article 3787, Written by )
Tagged:
Previous: Can I fight a magazine publisher withholding payment for my article?
Next: Does it really matter where someone went to college?




Subscribe!
Never miss another Q&A article! Click to subscribe: Add to Google Reader Add to My Yahoo! Subscribe in NewsGator RDF XML
Comments

Hi,

Thanks for writing "how do i add custom spamassassin rules for content filtering". As spamassassin newbie, the page was very helpful to me. On the page there is one error: the filename ~/.spamassassin/user_pref should read ~/.spamassassin/user_prefs plural.

Thank you!
John

Posted by: John J Foerch at February 7, 2006 9:41 AM

Keep in mind that custom rules written within user_prefs are only handled if you are NOT running spamd.

If you use spamd, you must put the custom rules in alternate rules files.

Posted by: ian douglas at June 1, 2007 4:19 PM

Great article!

Only one note: spamassassin would use the word "describe" and not "description" in local.cf.

Ciao, Dino.

Posted by: Dino Ciuffetti at September 21, 2008 2:30 AM

Dave,

Nice. I think there is a bug in one for your example rules. In
rawbody BECAUSE_OPTIN /because you opted-in/i

Perhaps you intended

rawbody BECAUSE_OPTIN /because you opted\-in/i

otherwise it will be equivalent "because you opte[defghi]n"

Posted by: Jose at October 29, 2010 2:36 PM

well thankx,it worked for me..

Posted by: Tahir at June 10, 2011 6:06 AM

I have something to say, now that you mention it, but ...
Starbucks coffee cup I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you for all your efforts on this Web site by buying you a cup of coffee!

I do have a comment, now that you mention it!











Remember personal info?


Please note that I will never send you any unsolicited email. Ever.

While I'm at it, please note that by submitting a question or comment you're agreeing to my terms of service, which are: you relinquish any subsequent rights of ownership to your material by submitting it on this site.









Recent Entries


Search
I Need Help!
Need Help? Ask Dave Taylor!

Linux Journal: Free Issue!

Even More Help

film blog - social media / blogging speaking - business blog - Colorado photography - free tech support
© 2002 - 2012 by Dave Taylor. All Rights Reserved.

Note: This web site is for the purpose of disseminating information for educational purposes, free of charge, for the benefit of all visitors. We take great care to provide quality information. However, we do not guarantee, and accept no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this web site or on any linked site.

[whiteboard marker tray]
"Ask Dave Taylor®" is a registered trademark of Intuitive Systems, LLC.