Additional Spamassassin Rules

Hi,

I implemented the SARE/OpenProtect rules on a previous hosting server, so I decided to try them out on our new Virtualmin server.

I post this here for two reasons:

1. I would appreciate any critiques or improvements. Is this a good idea? What’s the down side?

2. It might help others fight spam.

First off, on my Centos 5.5 Virtualmin server, I found that the sa-updates cron job was commented out by default. Is there a reason for that? I uncommented it so it will automatically update the Spamassassin rules.

http://saupdates.openprotect.com

wget http://saupdates.openprotect.com/pub.gpg
sa-update --import pub.gpg
sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com

vi /etc/cron.d/sa-update

Add one very long line:

23 4 */2 * * root /usr/bin/sa-update --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com 2>&1 | tee -a /var/log/sa-update.log

cat /var/log/sa-update.log

ll /var/lib/spamassassin/3.002005/saupdates_openprotect_com

Test/debug:

sa-update -D --allowplugins --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com

service spamassassin restart

Thanks,

G

Thanks for the info!

Are you finding that it helps reduce your spam?

Also, if you haven’t already, I might suggest looking into Greylisting… I’ve seen it make a rather large difference in the amount of spam that makes it through.

-Eric

Hi Eric,

I don’t know how to quantitatively say that the TARE rules reduce spam, but my gut tells me they do.

With my spam classification threshold set to 4.0, I have been getting 1-3 junk messages get through per day. It seems like I haven’t had any get through the filter since adding the new rules. Not very scientific, I know.

Yes, greylisting was the first ‘extra’ feature I enabled. Past experience has shown me that greylisting alone cuts spam in half…or thereabouts…with very little down-side and with very low resource utilization.

G