February 4, 2006

Adding rules to SpamAssassin and keeping them up-to-date automatically

So I've been getting a lot of spam lately, and decided to add more rules to SpamAssassin. I found two nice solutions for automatically (via cron or the like) downloading new rulesets. I've decided to go with Maxime Ritter's rule-get Perl script, which is like apt-get in many ways. I stuck the script in /usr/local/sbin in case I lose it. :)

To install it on FuguTabetai.com, I had to track down and install the Config::IniFiles module for Perl, so I stuck that in /usr/lib/perl5/site_perl/5.8.0/Config/ and was off and running. After picking through the list of rules available, I'll set up a cron job to update the lot once a week and restart spamd, and hopefully that will bite into the spam I've been receiving lately. I'll have to add some negative weight rules as well to make sure some stuff does get through though.

The current list of rules is:

  • TripWire : - No GPG Check :-((
  • sa-blacklist-uri : William Stearn's URI blacklist - No GPG Check :-((
  • sa-random : Searches for spamware mistakes like: %RANDOM_WORD - No GPG Check :-((
  • AntiDrug : Matt Kettler's AntiDrug - No GPG Check :-((
  • SARE_Redirect : Rules to detect commonly abused redirectors and uri obfuscation techniques. - No GPG Check :-((
  • SARE_EvilNumbers : Addresses and phone numbers harvested from spam (complete set) - No GPG Check :-((
  • SARE_BayesPoison : Bayes poison using lists of words with equal length - No GPG Check :-((
  • SARE_html_0 : SARE HTML Ruleset 0 : very safe rules - No GPG Check :-((
  • SARE_html_1 : SARE HTML Ruleset 1 : safe rules - No GPG Check :-((
  • SARE_Header_0 : SARE Header Ruleset 0 : very safe rules - No GPG Check :-((
  • SARE_Header_1 : SARE Header Ruleset 1 : safe rules - No GPG Check :-((
  • SARE_Specific : Rule set which flags specific spam and/or spam from specific spammers - No GPG Check :-((
  • SARE_adult : SARE Adult rules are designed to catch spam with "Adult" material. - No GPG Check :-((
  • SARE_fraud : SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) - No GPG Check :-((
  • SARE_OEM : Tries to detect people selling OEM software to consumers - No GPG Check :-((
  • SARE_subject_0 : SARE Subject header ruleset 0 : very safe rules - No GPG Check :-((
  • SARE_subject_1 : SARE Subject header ruleset 1 : safe rules - No GPG Check :-((
  • SARE_uri : Looks for spamsign in URI links within emails (compete set). - No GPG Check :-((
  • SARE_obfu : Looks for various tricks spammers use to hide their message from spam filters (complete set) - No GPG Check :-((
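Since every ruleset above reports no GPG check, one way to wrap the weekly cron update is to stage each downloaded file, lint it, and only then swap it in and restart spamd. This is an added example, not part of rule-get or the original post; the function name `install_ruleset`, the `SA_LINT` variable and the `ruleset-audit.log` file are assumptions. Linting only catches files that fail to parse, so the logged hash is there for reviewing what changed.

```shell
#!/bin/sh
# Added example: stage-and-lint wrapper for one downloaded ruleset file.
# SA_LINT is the lint command; the staged directory is appended as its argument.
# The default runs SpamAssassin's own --lint against the staged site config path.
SA_LINT=${SA_LINT:-"spamassassin --lint --siteconfigpath"}

# install_ruleset NEW_FILE DEST_DIR   (names are hypothetical)
# returns 0 = installed (restart spamd), 1 = unchanged, 2 = rejected
install_ruleset() {
    new=$1 dest=$2
    name=$(basename "$new")
    cur="$dest/$name"

    # Reject empty downloads (failed fetch, truncated transfer).
    [ -s "$new" ] || { echo "reject $name: empty" >&2; return 2; }

    # Nothing to do if the content is identical to what is installed.
    if [ -f "$cur" ] && cmp -s "$new" "$cur"; then return 1; fi

    # Build a staging copy of the live rule dir with the candidate swapped in.
    stage=$(mktemp -d) || return 2
    cp -p "$dest"/*.cf "$stage"/ 2>/dev/null || true
    cp "$new" "$stage/$name"

    # Lint the staged set; a file that fails to parse never reaches spamd.
    if ! $SA_LINT "$stage" >/dev/null 2>&1; then
        echo "reject $name: lint failed" >&2
        rm -rf "$stage"; return 2
    fi
    rm -rf "$stage"

    # Keep the previous version for rollback and log the new hash for audit.
    # The .prev and .tmp suffixes do not end in .cf, so they are not loaded.
    if [ -f "$cur" ]; then cp -p "$cur" "$cur.prev"; fi
    echo "$(date -u +%FT%TZ) $name $(sha256sum "$new" | cut -d' ' -f1)" \
        >> "$dest/ruleset-audit.log"

    # Copy beside the target, then rename, so spamd never sees a partial file.
    cp "$new" "$cur.tmp" && mv "$cur.tmp" "$cur"
}
```

In the cron job, restart spamd only when at least one call returns 0, and leave the running configuration alone otherwise.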


