
Question Custom spamassassin rules

QWeb Ric

We've created /usr/share/spamassassin/99_custrules.cf and added a bunch of custom rules. As far as I can tell from the documentation, the rules within this file are valid, and spamassassin --lint throws no issues, but even after a /usr/local/psa/admin/bin/spammng --restart it doesn't look like these rules are having any effect.

For example, these two rules are supposed to kill anything with park2travel web or email links:

uri CUST_L03 /www\.park2travel\.com/i
score CUST_L03 3
describe CUST_L03 contains park2travel links

uri CUST_L04 /\@park2travel\.com/i
score CUST_L04 5
describe CUST_L04 contains park2travel email links


But still a tonne of park2travel emails pass through just fine, with scores of around -2.9. Additionally the x-spam-status flag doesn't ever reference these custom rules. For example the latest park2travel email has this flag:

X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,HTML_MESSAGE,SPF_PASS,URIBL_BLOCKED autolearn=ham
version=3.3.2


Any ideas what could be going wrong? I'm wondering if the autolearn=ham flag means that before adding these rules, the server already decided these emails were acceptable?

Server is CentOS 6.9 and Plesk is Onyx 17.0.17.
 
Hi Danami,

We run /usr/local/psa/admin/bin/spammng --restart after every edit, and there have been occasional full server restarts too.
 
I always restart mine using:
service spamassassin restart

I also had to put my global rules directly in this file, to get it working:
/etc/mail/spamassassin/local.cf

Even when you change Spamassassin settings in the UI, the local.cf file modifications you do don't seem to get erased.
 
Hmm, that's interesting. I did a little digging around your find and came across this thread: spamassassin - and my own rules

Moving the custom rules into a new file within /etc/mail/spamassassin (rather than editing that local.cf), adding a purposeful error and then doing a --lint, I now see reference to the erroneous line which confirms the custom rules are now read. This doesn't happen when the file sits in /usr/share/spamassassin.

Does this then mean that all of the other rule files in /usr/share/spamassassin are ignored the same as our custom files? There are so many files in here that I'm now thinking Spamassassin on CentOS/Plesk probably isn't as effective as it should be!?
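
Added example, not part of any post in this thread: a shell check for what the --lint test above established, namely which rule files SpamAssassin actually parses and whether a custom rule appears in X-Spam-Status. The debug lines are a constructed sample; the file name 99_custrules.cf under /etc/mail/spamassassin and the sa-update directory are assumptions.

```shell
#!/bin/sh
# Added example: find out which rule files SpamAssassin really parsed.
# Live use:  spamassassin -D config --lint 2>&1 | rule_file_loaded /path/to/file.cf

# Constructed sample of the debug output (timestamps and PID are made up).
# Assumption: sa-update has filled /var/lib/spamassassin/3.003002, so that
# directory is used as the default rules dir and /usr/share/spamassassin is not.
SAMPLE_DEBUG='Mar  1 10:00:00.001 [4242] dbg: config: read file /etc/mail/spamassassin/init.pre
Mar  1 10:00:00.002 [4242] dbg: config: using "/var/lib/spamassassin/3.003002" for default rules dir
Mar  1 10:00:00.003 [4242] dbg: config: read file /var/lib/spamassassin/3.003002/updates_spamassassin_org.cf
Mar  1 10:00:00.004 [4242] dbg: config: using "/etc/mail/spamassassin" for site rules dir
Mar  1 10:00:00.005 [4242] dbg: config: read file /etc/mail/spamassassin/local.cf
Mar  1 10:00:00.006 [4242] dbg: config: read file /etc/mail/spamassassin/99_custrules.cf'

# Header from the thread, folded over three lines as the mail server wrote it.
SAMPLE_HEADER='X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,HTML_MESSAGE,SPF_PASS,URIBL_BLOCKED autolearn=ham
version=3.3.2'

# Print every config file the debug output (stdin) reports as read.
loaded_rule_files() {
    sed -n 's/^.*dbg: config: read file \(.*\)$/\1/p'
}

# Exit 0 if the exact path $1 is among the files read (debug output on stdin).
rule_file_loaded() {
    loaded_rule_files | grep -Fxq -- "$1"
}

# Exit 0 if rule name $1 is listed in tests=... of the header on stdin.
# Whitespace is removed first so a folded header is handled as one line.
rule_hit() {
    tr -d ' \t\n' | sed -n 's/^.*tests=\([A-Z0-9_,]*\).*$/\1/p' |
        tr ',' '\n' | grep -Fxq -- "$1"
}

# Demo on the constructed sample.
for f in /etc/mail/spamassassin/99_custrules.cf /usr/share/spamassassin/99_custrules.cf; do
    if printf '%s\n' "$SAMPLE_DEBUG" | rule_file_loaded "$f"; then
        echo "read:     $f"
    else
        echo "NOT read: $f"
    fi
done
printf '%s\n' "$SAMPLE_HEADER" | rule_hit CUST_L03 || echo "CUST_L03 did not fire"
```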
 
In the /etc/mail/spamassassin/init.pre file you can find this comment as well:

# There are now multiple files read to enable plugins in the
# /etc/mail/spamassassin directory; previously only one, "init.pre" was
# read. Now both "init.pre", "v310.pre", and any other files ending in
# ".pre" will be read. As future releases are made, new plugins will be
# added to new files, named according to the release they're added in.


Based on this comment I have a custom.pre file in there that successfully loads a secondary plugin, but I haven't tried putting my custom scores in it too.
 