Dave, using SpamAssassin, how do I proceed with content filtering? I want to block 15 words that can appear in the email being sent to me. I already have SpamAssassin set up on my Linux system, I just need to figure out how to configure the rules file properly!
While I’m also a big fan of SpamAssassin, I’m the first to admit that the rules can be more than a bit confusing, and when you have a bad rule, odd things can occur, especially if you don’t actually test your rules before you install them.
But let’s start at the beginning…
Your local SpamAssassin rules should be stored in a file called /etc/mail/spamassassin/local.cf if you want the rules applied to every user on the system, or ~/.spamassassin/user_pref if you want to have them only apply to your own email. All rules have three components:
- The rule itself
- A 2-5 word description of the rule for SpamAssassin reports (optional),
- A commensurate scoring for the rule if matched
As a simple example, here’s a rule that applies against the body of messages that are being filtered:
body NO_VIOXX /vioxx/i score NO_VIOXX 10 description NO_VIOXX messages that contain the word Vioxx
In this case, any message that contains “Vioxx” (without regard to the mix of upper and lower case, which is what the ‘i’ accomplishes in the pattern) will be given a score of +10, which might by itself make this an undelivered spam message (it actually depends on what threshold you specify in your configuration file).
Having shown that, I use rawbody rather than body so that it catches words that appear in HTML formatted messages and messages with base64 or any other encoding scheme. Here are two actual rules from my own SpamAssassin rule set:
rawbody BECAUSE_OPTIN /because you opted-in/i score BECAUSE_OPTIN 5.0 rawbody DEALSMINUTE /dealsbytheminute/i score DEALSMINUTE 5.0
The first thing you’ll notice is that I don’t bother with the description field. I just try to use sufficiently mnemonic rule names.
Don’t be fooled into thinking that you can only match rules and have things be more spammy. You can do the opposite instead, as shown here:
header ITS_DEREK ALL =~ /derek\@farmprints.com/i score ITS_DEREK -100
Finally, you can also reassign the scoring of built-in rules too, by simply restating the score:
score SUBJ_FREE_CAP 4.0 score FREE_PREVIEW 4.0 score HTTP_ESCAPED_HOST 4.0
Finally, don’t forget to always run the command
spamassassin --lint
immediately after editing your configuration file to ensure that you haven’t introduced any errors or typos into the ruleset!
If you’d still like more information on SpamAssassin, a good place to go is SpamAssassin Rule Help, and you can always pop over to the SpamAssassin site itself.
well thankx,it worked for me..
Dave,
Nice. I think there is a bug in one for your example rules. In
rawbody BECAUSE_OPTIN /because you opted-in/i
Perhaps you intended
rawbody BECAUSE_OPTIN /because you opted\-in/i
otherwise it will be equivalent “because you opte[defghi]n”
Great article!
Only one note: spamassassin would use the word “describe” and not “description” in local.cf.
Ciao, Dino.
Keep in mind that custom rules written within user_prefs are only handled if you are NOT running spamd.
If you use spamd, you must put the custom rules in alternate rules files.
Hi,
Thanks for writing “how do i add custom spamassassin rules for content filtering”. As spamassassin newbie, the page was very helpful to me. On the page there is one error: the filename ~/.spamassassin/user_pref should read ~/.spamassassin/user_prefs plural.
Thank you!
John