Monday, December 7, 2009

Examples of Spamassassin Rules

Here's where you can go to find great
examples of spamassassin rules:

cd /usr/share/spamassassin/

In this directory are all kinds of
files with spamassassin rules that
catch spam.

Imitate and learn.

Of course, I'm assuming your system
is set up the way mine is. If not,
I'm sure you can find the same files
on your system somewhere.

My system is Debian Lenny Linux. I
always go with the standard install
options.

Your Linux may be different than mine.
I don't know.

Ed Abbott

Friday, December 4, 2009

Customizing Spamassassin

OK. This is how you customize
spamassassin to eliminate specific
kinds of spam emails.

Say, for example, you don't want
any more emails from a guy named
Joe the Rolex Man, whose email
address always comes with a
self-identifying blurb that includes
Joe the Rolex Man
in double quotes.

Hopefully, I'm making this up. If
your name is Joe the Rolex Man, I'm
sorry.

In other words, the sender of the email
is a guy named Joe Rolex. How
do you eliminate all email senders who
have Rolex in their name?

OK. Here are the steps:

  1. Find your .spamassassin folder
  2. Find the user_prefs file in the folder
  3. Add rolex to the file

Obviously, the 3 steps above need further
explanation. Especially the word rolex.
Rolex needs to be a perl regular expression.

So here are some more tips. First some tips on
how to find the .spamassassin folder:

  1. It is a hidden folder because it starts
    with a dot
  2. Type ls -Al to see it
  3. Look for it in your home directory

If you are trying to eliminate Joe Rolex
from your entire system, and for every user
on that system, my advice is no good.

I'm telling you how to eliminate Joe Rolex
as a single spamassassin end-user. System
administrators, note the upcoming link.

Here's a much more comprehensive guide to
Spamassassin that will show you how to do
the same thing system-wide:

Custom rules for spamassassin

OK. Back to being a single user
trying to eliminate Joe Rolex.

Presumably you've now found the
user_prefs file under your
home directory. Here's where you will
find it:

~/.spamassassin/user_prefs

Now we need to add a rule to this file.
A rule is something that kicks in when
we want it to.

The rule kicks in and spam gets kicked
out.

Our rule is that we are going to make
some attempt to eliminate email sent
to us by Joe Rolex.

Here's what our rule looks like in the
user_prefs file:

header ED_ROLEX_FROM        From:name =~ m{rolex}i
describe ED_ROLEX_FROM      From name has rolex in it

One thing you want to do
after writing a new rule
is to run spamassassin's
lint program.

As you have probably surmised,
it gets the lint (bugs) out
of your rules.

Here's how to run lint:

spamassassin --lint

How many points does the
new rule shown above assign?

If the email comes from Joe
Rolex, it defaults to 1 point.

You can change the default by
using the score directive like
this:

header ED_ROLEX_FROM        From:name =~ m{rolex}i
describe ED_ROLEX_FROM      From name has rolex in it
score ED_ROLEX_FROM         .5

The above code changes the score from
the default of one point to a specified
half a point.

One more minor detail:

Notice that the name of my rule is
always prefaced by this string:

ED_

That's because my name is Ed and I
want to differentiate between rules
written by myself and rules written
by others.

This way, if a rule is not working right,
I know to go fix it.

In other words, sometimes spam gets through.
When a spam gets through and I see that one
of my rules has not been triggered, I go
investigate.

Likewise, if one of my rules gets triggered
on an innocent ham message, I investigate.

Again, it is the following prepended string
on the rule name that signals to me that I
need to reconsider one of my own rules because
it is not quite working right:

ED_

Ed Abbott

Monday, November 16, 2009

Feeding sa-learn an email folder

This is a new blog.

I'm blogging about SpamAssassin
and the things I find that make
SpamAssassin useful.

One thing I like to do to make SpamAssassin
a better performer is to periodically re-feed
it old emails that I have stored in either my
ham email folder or my spam email folder.

I have one spam folder and one ham folder.

I reprocess these old emails periodically in
the hopes of improving SpamAssassin's accuracy.

First, I'll give some general steps for
feeding SpamAssassin ham:

  1. Find your ham email folder. The
    place to look? Wherever your email
    reader places these files. In my
    case, I use kmail. Therefore, my
    email folder is a kmail email folder.
  2. Feed the folder to sa-learn

OK. Those are the steps, generally
speaking.

Here's the generic command for feeding
ham to sa-learn:

sa-learn --ham your-ham-folder


OK. Now I'll give you the specific steps
I take. Note that the steps I take and the
steps you take are likely to be quite different.

Why? Because I use kmail as my email client
and you likely use something else.

Also, I've used kmail to set up a ham folder
that I can send ham emails to with a single
click. In all likelihood, you have not yet
set up such a folder.

So, read the following steps and translate them
to your own situation.

These are my steps for feeding sa-learn ham on
a Debian Linux system using kmail as my email
client:

  1. cd /home/eds_home_dir/.kde/share/apps/kmail/mail/ham
  2. sa-learn --ham cur

Simple, isn't it?

Of course, prior to running sa-learn, you want to be
sure, in your own mind, that all the messages in your
ham folder really are ham messages. Otherwise, you
might confuse sa-learn.
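
Before feeding a ham folder to sa-learn, one spot check is to list the messages whose From name would trip a rule such as ED_ROLEX_FROM shown earlier on this page; a hit means either spam sitting in the ham folder or a rule that fires on ham. This is an added example, not part of the original post: the function names and sample senders are made up, and Python's email parser and re module only approximate SpamAssassin's From:name test.

```python
# Added example: approximates SpamAssassin's `From:name =~ m{...}i` test
# with Python's email parser and re module (an assumption, not SA itself).
import re
import tempfile
from email import policy
from email.parser import BytesHeaderParser
from pathlib import Path


def from_name(path):
    """Return the decoded From display name (the part outside <...>)."""
    with open(path, "rb") as fh:
        msg = BytesHeaderParser(policy=policy.default).parse(fh)
    hdr = msg["From"]
    return hdr.addresses[0].display_name if hdr and hdr.addresses else ""


def audit_maildir(folder, pattern):
    """List files under cur/ and new/ whose From name matches pattern."""
    rx = re.compile(pattern, re.IGNORECASE)  # same as the rule's trailing i
    paths = [p for sub in ("cur", "new") for p in Path(folder, sub).glob("*")]
    return sorted(p.name for p in paths
                  if p.is_file() and rx.search(from_name(p)))


# Constructed sample senders, not real mail.
SAMPLES = {
    "1.eml": '"Joe the Rolex Man" <joe@example.com>',
    "2.eml": '"Alice" <alice@rolex-fans.example>',    # rolex only in address
    "3.eml": '"Carolex Bakery" <orders@example.org>',  # substring hit
    "4.eml": "=?UTF-8?B?Um9sZXggRGVhbHM=?= <x@example.net>",  # "Rolex Deals"
}


def build_sample_maildir():
    """Create a throwaway Maildir-style folder with the samples in cur/."""
    root = Path(tempfile.mkdtemp(prefix="ham-"))
    for sub in ("cur", "new", "tmp"):
        (root / sub).mkdir()
    for fname, sender in SAMPLES.items():
        text = f"From: {sender}\nSubject: test\n\nbody\n"
        (root / "cur" / fname).write_text(text, encoding="ascii")
    return root


if __name__ == "__main__":
    for name in audit_maildir(build_sample_maildir(), r"rolex"):
        print("From name would trigger ED_ROLEX_FROM:", name)
```

Passing `\brolex\b` instead of `rolex` drops the Carolex Bakery hit, because the word boundary does not match inside a longer word.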

What about spam messages?

Well, it is pretty much the same thing.

With spam messages, the generic command
is as follows:

sa-learn --spam your-spam-folder


So, basically, you do the same thing
you did for ham:

  1. Find your spam folder
  2. Feed the spam folder to sa-learn

Hope this helps!

Ed Abbott