Updating Spamassassin Filters

[sakshale@]

Two questions;

[1] Is there an easy way to update the spamassasin filter set, without breaking the Plesk updater?

[2] Is there a way to feed spam to spamassisin as installed, to "train" it?

Thanks

 

[Herby]

add rules as u want

if an update come backup your config file with rules.

 

[teknovision]

sorry no answer just the same question as [2].. .

How do you train Spam Assassin in Plesk? I have proactively created a mailbox with 660+ spam emails (don't know whether that was a waste of time or where the mailbox lies on the server though)

Many thanks for any help you can offer!!

.//phil

 

[whitecurve]

I use the rules available from http://www.rulesemporium.com/ .

They can be installed and kept uptodate with two scripts, rules_du_jour & my_rules_du_jour, which are available from:
http://www.exit0.us/index.php?pagename=RulesDuJour

This simply add rulesets to /etc/mail/spamassassin which is used by spamassassin at all levels (server & personal). Simply config my_rules_du_jour with the rulesets you want to add and chage the file locations if needed. The simply run it daily and it will mail you when it has updated the rules & restarted qmail.

To add the rules i have tested ammend the line TRUSTED_RULESETS to

TRUSTED_RULESETS="SARE_CODING SARE_HEADER SARE_SPECIFIC EVILNUMBERS SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_OEM SARE_RANDOM SARE_GENLSUBJ SARE_REDIRECT SARE_UNSUB";

Another useful ruleset is:
http://mywebpages.comcast.net/mkettler/sa/antidrug.cf

This makes spamassassin very robust indeed.

 

[sakshale@]

Thanks very mush - I will check them out.

 

[ZopfWare]

Could you please detail exactly how one goes about this procedure in Plesk 7.5.1? I'm sometimes a little dense when trying to figure these things out.

Much thanks for your help

 

[Herby]

http://wiki.apache.org/spamassassin/CustomRulesets

2nd very good site about infos and rules

 

[whitecurve]

http://wiki.apache.org/spamassassin/CustomRulesets

tend to repeat almost all of the rules in rules emporium. though its good to be thorough

As to setting up my_rules_du_jour.....
I attach a zip fie with the two files that should be placed into /root/bin

run /root/bin/my_rules_du_jour to check the output and then set a daily crontab like this:

cd /root/bin && ./my_rules_du_jour >/dev/null 2>&1

The ruleset s are defined in the my_rules_du_jour script. All this works on my 7.5.1 which is in a fairly standard setup.

PS) Sorry attaching the zip file didint work. PM me if you want me to send you the zip file.

 

[teknovision]

SA v3 & Plesk Compatability

Hi all!

I received a note from one of the Support Engineers at Plesk saying that SpamAssassin v3 is not supported by Plesk.

Yet, unless I am mistaken all the rules you mention above are v3+ only right?

If you upgraded to v3 and have SA Control Panel, I would appreciate any guidance on how to upgrade safely from v2.63 to v3?

Many thanks for your help,

.//phil

>
No, Plesk doesn't work with SpamAssassin v3.

--
Thanks,
-----------------------------------
Irene V. Drebushchak
Technical Support Engineer
SWsoft, Inc.

 

[whitecurve]

Plesk compatible Packages for spamassassin v3 and lots of other things are available here: http://www.atomicrocketturtle.com/

Ive not tried it yet but would be interested to learn how it works for you.

 

[teknovision]

I've added quite a few filters/rules thanks to you all (!!) unfortunately, spam is still coming through heavily (also increased scores in key affected areas).

How do I know whether the filters are being used (is there a log file?)? and whether SA is actually checking mail (other then the few bits of spam that are tagged)?

Thanks for any help!

.//p

 

[daryl]

You can adjust the scores in the user_prefs file in /var/qmail/mailnames/userdomain/user.

I did a chmod to 666 and then put a hard link to the file in my home directory so I can tweak it with File Manager in Plesk.

 

[whitecurve]

teknovision, you might want to check your maillog for info which should be located in /usr/local/psa/var/log/maillog (or run locate maillog to find it.)

 

[teknovision]

Errors Log, what to do?

whitecurve, thanks for your posts. It seems to 'know' where the rules are but not tagging them, I can't make any odds of the errors.

As there are lots of them I have attached a sample of these errors:

Jan 16 04:35:09 ldu512 spamd[12468]: Unrecognized escape \W passed through at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 612, <GEN140> line 85.
Jan 16 04:35:09 ldu512 spamd[12467]: Unrecognized escape \W passed through at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 612, <GEN136> line 85.

as well as

Jan 16 04:35:09 ldu512 spamd[12467]: Bareword found where operator expected at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 672, near "20_phrases" (Might be a runaway$
Jan 16 04:35:09 ldu512 spamd[12468]: Misplaced _ in number at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 684, <GEN140> line 85.
Jan 16 04:35:09 ldu512 spamd[12467]: ^I(Missing operator before phrases?)

and also

Jan 16 04:35:09 ldu512 spamd[12468]: Unrecognized escape \s passed through at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 768, <GEN140> line 85.
Jan 16 04:35:09 ldu512 spamd[12467]: Unrecognized escape \s passed through at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 768, <GEN136> line 85.
Jan 16 04:35:09 ldu512 spamd[12468]: Unrecognized escape \s passed through at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 768, <GEN140> line 85.

and

Jan 16 04:35:10 ldu512 spamd[12468]: Bareword found where operator expected at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 996, near "70_sare_oem" (Might be a runawa$
Jan 16 04:35:10 ldu512 spamd[12467]: Misplaced _ in number at /usr/share/spamassassin/evilnumbers.cf, rule EVILNUMBER_A_4XX_1, line 996, <GEN136> line 85.
Jan 16 04:35:10 ldu512 spamd[12468]: ^I(Missing operator before sare_oem?)

Your help is as always very much appreciated!!!!!

Cheers

.//phil

 

[whitecurve]

It only seems to tbe the evilnumbers.cf that causes the problem?

so re-download it via:

wget http://www.rulesemporium.com/rules/evilnumbers.cf

Runing spamassassin in debug mode is always useful, so try the next bit with and without evilnumbers.cf being installed.

spamassassin -D --lint
or
spamassassin -D rulesrun=255 --lint

Remember after you fid the error to restart the spamassass service with

/etc/init.d/psa-spamassassin restart

 

[Griffith]

is there a way to see which rules that spamassassin uses?

I've ran RulesDuJour and the three rules I added is located in:
/etc/mail/spamassassin/RulesDuJour/

not really sure how this works

 

[whitecurve]

if they are in /etc/mail/spamassassin they will be picked up by spamassassin in alphabet order. Restart spamassassin to be double sure.

then look for :

debug: ignore: using a test message to lint rules
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "USERNAME/.spamassassin" for user state dir
debug: using "USERNAME/.spamassassin/user_prefs" for user prefs file
debug: using "USERNAME/.spamassassin" for user state dir

 

[Griffith]

how does your /etc/rulesdujour/config file look like? could you post it?

 

[whitecurve]

this is the listing of my_rules_du_jour which is called nightly via cron.

#!/bin/bash
# Version 1.08a

# IMPORTANT! Edit the TRUSTED_RULESETS line to choose which RuleSets to update
TRUSTED_RULESETS="SARE_CODING SARE_HEADER SARE_SPECIFIC EVILNUMBERS SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_OEM SARE_RANDOM SARE_GENLSUBJ SARE_REDIRECT SARE_UNSUB";


SA_DIR="/etc/mail/spamassassin";                # Change this to your SA local config
                                                # directory, probably /etc/mail/spamassassin.
                                                # For amavisd chrooted, this may be:
                                                # /var/amavisd/etc/mail/spamassassin
MAIL_ADDRESS="[email protected]";                            # Where do Email notifications go
SINGLE_EMAIL_ONLY="true";                       # Send only one notification email per run
SA_LINT="spamassassin --lint";                  # Command used to lint spamassassin
SA_RESTART="/etc/init.d/psa-spamassassin;       # Command used to restart spamd
                                                #/etc/init.d/spamassassin restart";  # Command used to restart spamd
                                                # May be /etc/rc.d/init.d/spamassassin restart
                                                # For amavisd, may be /etc/init.d/amavisd restart
WGET="wget -N"                                  # Location (and flags) of the wget program
PERL="perl";                                    # Location of the perl program
MAILCMD="mail";                                 # Location of the mail program that supports the -s flag
GREP="grep";                                    # Location of the grep program
                                                # (solaris users may want to point this to gnu grep)
RULES_DU_JOUR_SCRIPT="/root/bin/rules_du_jour"; # Where the full rules_du_jour script is located
DONT_CHECK_FOR_RDJ_UPDATES=                     # Set this to "true" to skip checking for
                                                # updates to the Rules Du Jour script itself

####          End Local Settings        ####



# These are bash Array Variables ("man bash" for more information)
declare -a CF_URLS; declare -a CF_FILES; declare -a CF_NAMES;
declare -a PARSE_NEW_VER_SCRIPTS; declare -a CF_MUNGE_SCRIPTS;


############################################
#### Begin Personal Rules File Registry ####
############################################

# If you add more RuleSets to your own registry, please contribute the settings to the [url]www.exit0.us[/url] wiki
# [url]http://www.exit0.us/index.php/RulesDuJourRuleSets[/url]

# IMPORTANT:
# To avoid conflicts between your own registry and the standard
# registry (distributed with the rules_du_jour script), I recommend that you
# start your personal registry index numbers at 1000 or greater.

#### Here is a (fictional) sample of a custom ruleset: FOOBAR. ####

FOOBAR=1000; # Index of FooBar data into the arrays is 1000
              CF_URLS[1000]="http://sandgnat.com/rdj/foobar.404.cf";
             CF_FILES[1000]="foobar.cf";
             CF_NAMES[1000]="Foo's Bar";
PARSE_NEW_VER_SCRIPTS[1000]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | tail -1";

BARBAZ=1001; # Index of BarBaz data into the arrays is 1001
              CF_URLS[1001]="http://sandgnat.com/rdj/barbaz.404.cf";
             CF_FILES[1001]="barbaz.cf";
             CF_NAMES[1001]="Bar's Baz";
PARSE_NEW_VER_SCRIPTS[1001]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | tail -1";


#
#  RulesDuJour Personal Rule for sare_genlsubj
#  add this snippet to rules_du_jour, my_rules_du_jour or /etc/rulesdujour
#  to the Personal Rules section
#  adjust the index numbers if they conflict with your personal ones.
#
#  in case of trouble contact: [email][email protected][/email]

#### Here are settings for single sare_genlsubj* files ####
SARE_GENLSUBJ0=1113;
              CF_URLS[1113]="http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf"
             CF_FILES[1113]="70_sare_genlsubj0.cf";
             CF_NAMES[1113]="SARE General Subject Ruleset 0 for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1113]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1113]="nothing for this ruleset.";

SARE_GENLSUBJ1=1114;
              CF_URLS[1114]="http://www.rulesemporium.com/rules/70_sare_genlsubj1.cf"
             CF_FILES[1114]="70_sare_genlsubj1.cf";
             CF_NAMES[1114]="SARE General Subject Ruleset 1 for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1114]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1114]="nothing for this ruleset.";

SARE_GENLSUBJ2=1115;
              CF_URLS[1115]="http://www.rulesemporium.com/rules/70_sare_genlsubj2.cf"
             CF_FILES[1115]="70_sare_genlsubj2.cf";
             CF_NAMES[1115]="SARE General Subject Ruleset 2 for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1115]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1115]="nothing for this ruleset.";

SARE_GENLSUBJ3=1116;
              CF_URLS[1116]="http://www.rulesemporium.com/rules/70_sare_genlsubj3.cf"
             CF_FILES[1116]="70_sare_genlsubj3.cf";
             CF_NAMES[1116]="SARE General Subject Ruleset 3 for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1116]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1116]="nothing for this ruleset.";

SARE_GENLSUBJ_ARC=1117;
              CF_URLS[1117]="http://www.rulesemporium.com/rules/70_sare_genlsubj_arc.cf"
             CF_FILES[1117]="70_sare_genlsubj_arc.cf";
             CF_NAMES[1117]="SARE genlsubj arc Ruleset for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1117]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | ${TAIL}";
#    CF_MUNGE_SCRIPTS[1117]="nothing for this ruleset.";

SARE_GENLSUBJ_ENG=1118;
              CF_URLS[1118]="http://www.rulesemporium.com/rules/70_sare_genlsubj_eng.cf"
             CF_FILES[1118]="70_sare_genlsubj_eng.cf";
             CF_NAMES[1118]="SARE genlsubj eng Ruleset for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1118]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | ${TAIL}";
#    CF_MUNGE_SCRIPTS[1118]="nothing for this ruleset.";

#### Here are settings for sare_genlsubj ####
SARE_GENLSUBJ=1119;
              CF_URLS[1119]="http://www.rulesemporium.com/rules/70_sare_genlsubj.cf"
             CF_FILES[1119]="70_sare_genlsubj.cf";
             CF_NAMES[1119]="SARE genlsubj Ruleset for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1119]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | ${TAIL}";
#    CF_MUNGE_SCRIPTS[1119]="nothing for this ruleset.";

#fin


#  RulesDuJour Personal Rule for sare_redirect
#  add this snippet to rules_du_jour, my_rules_du_jour or /etc/rulesdujour
#  to the Personal Rules section
#  adjust the index numbers if they conflict with your personal ones.
#
#  in case of trouble contact: [email][email protected][/email]

#### Here are settings for sare_redirect pre 3.0.0 version####
#### Enable munge to activate ham rules
SARE_REDIRECT=1101;
              CF_URLS[1101]="http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf"
             CF_FILES[1101]="71_sare_redirect_pre3.0.0.cf";
             CF_NAMES[1101]="SARE Abused Redirect Subject Ruleset for SpamAssassin (pre3.0.0)";
PARSE_NEW_VER_SCRIPTS[1101]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1101]="sed -e s/#+#//g";

#### Here are settings for sare_redirect post 3.0.0 version ####
#### Enable munge to activate ham rules
SARE_REDIRECT_POST300=1102;
              CF_URLS[1102]="http://www.rulesemporium.com/rules/72_sare_redirect_post3.0.0.cf"
             CF_FILES[1102]="72_sare_redirect_post3.0.0.cf";
             CF_NAMES[1102]="SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0)";
PARSE_NEW_VER_SCRIPTS[1102]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i ;' | sort | tail -1";
#    CF_MUNGE_SCRIPTS[1102]="sed -e s/#+#//g";

#fin


#
#  RulesDuJour Personal Rule for sare_unsub
#  add this snippet to rules_du_jour, my_rules_du_jour or /etc/rulesdujour
#  to the Personal Rules section
#  adjust the index numbers if they conflict with your personal ones.
#
#  in case of trouble contact: [email][email protected][/email]

#### Here are settings for sare_unsub ####
SARE_UNSUB=1121; # Index of sare_unsub data into the arrays is 1121
              CF_URLS[1121]="http://www.rulesemporium.com/rules/70_sare_unsub.cf"
             CF_FILES[1121]="70_sare_unsub.cf";
             CF_NAMES[1121]="SARE unsub Ruleset for SpamAssassin";
PARSE_NEW_VER_SCRIPTS[1121]="${PERL} -ne 'print if /^\s*#.*(vers?|version|rev|revision)[:\.\s]*[0-9]/i;' | sort | ${TAIL}";
#    CF_MUNGE_SCRIPTS[1121]="nothing for this ruleset.";

#fin


############################################
####  End Personal Rules File Registry  ####
############################################

# This command invokes the standard rules_du_jour script
[ -f "${RULES_DU_JOUR_SCRIPT}" ] && \
        . ${RULES_DU_JOUR_SCRIPT} || \
        echo "ERROR: could not find rules_du_jour at configured path: ${RULES_DU_JOUR_SCRIPT}";

 

[Griffith]

at the site, they recommend us NOT using my_rules_du_jour, only rules_du_jour