Additional Spamassassin Rules

3 posts / 0 new
Last post
#1 Sat, 10/30/2010 - 12:41
sonoracomm

Additional Spamassassin Rules

Hi,

I implemented the SARE/OpenProtect rules on a previous hosting server, so I decided to try them out on our new Virtualmin server.

I post this here for two reasons:

1) I would appreciate any critiques or improvements. Is this a good idea? What's the down side?

2) It might help others fight spam.

First off, on my Centos 5.5 Virtualmin server, I found that the sa-updates cron job was commented out by default. Is there a reason for that? I uncommented it so it will automatically update the Spamassassin rules.

http://saupdates.openprotect.com

~~~~~~~~~~~~~~~~~~~~~
wget http://saupdates.openprotect.com/pub.gpg
sa-update --import pub.gpg
sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com

vi /etc/cron.d/sa-update
~~~~~~~~~~~~~~~~~~~~~

Add one very long line:

~~~~~~~~~~~~~~~~~~~~~
23 4 */2 * * root /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com 2>&1 | tee -a /var/log/sa-update.log

cat /var/log/sa-update.log

ll /var/lib/spamassassin/3.002005/saupdates_openprotect_com
~~~~~~~~~~~~~~~~~~~~~

Test/debug:

~~~~~~~~~~~~~~~~~~~~~
sa-update -D --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com

service spamassassin restart
~~~~~~~~~~~~~~~~~~~~~

Thanks,

G

Tue, 11/02/2010 - 21:17
andreychek

Thanks for the info!

Are you finding that it helps reduce your spam?

Also, if you haven't already, I might suggest looking into Greylisting... I've seen it make a rather large difference in the amount of spam that makes it through.

-Eric

Tue, 11/02/2010 - 23:26 (Reply to #2)
sonoracomm

Hi Eric,

I don't know how to quantitatively say that the TARE rules reduce spam, but my gut tells me they do.

With my spam classification threshold set to 4.0, I have been getting 1-3 junk messages get through per day. It seems like I haven't had any get through the filter since adding the new rules. Not very scientific, I know.

Yes, greylisting was the first 'extra' feature I enabled. Past experience has shown me that greylisting alone cuts spam in half...or thereabouts...with very little down-side and with very low resource utilization.

G