spamassassin/user_prefs

Nigel Wade nmw at ion.le.ac.uk
Wed Mar 24 15:25:06 UTC 2004


Charles Howse wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday 24 March 2004 03:55 am, Nigel Wade wrote:
> 
>>Charles Howse wrote:
>>
>>>jdow has pointed me to a page with custom rulesets:
>>>http://wiki.apache.org/spamassassin/CustomRulesets
>>>but I'm still interested in comments or generic settings for my
>>>~/.spamassassin/user_prefs file.  Anyone care to share?
>>
>>I'm not sure there really are any generic settings in user_prefs. The
>>entire point of user_prefs is for user specific custom settings.
> 
> 
> "Generic" may have been a bad choice of words.
> I have 'score MICROSOFT_EXECUTABLE 5' in my user_prefs, and as a Linux user, I 
> consider that something that should be there.
> It's that kind of thing I'm talking about.

That's very much personal preference, and exactly what user_prefs is for.
Our mail server rejects those before they even get to SA or the virus scanner.

> 
>>One thing I always do, however, with a new install of SA is to set any
>>tests which have negative scores to zero. The spammers are no longer
>>stupid, and they know SA is used in many servers so deliberately target SA.
>>If there's a way to reduce the SA score they will exploit it, so I remove
>>the negative scores before they get a chance. One specific case was when SA
>>assigned a negative score to a Subject: field with Re: in it. How many
>>spams now have Re: in the subject?
> 
> 
> **Lots** of spams now have Re: in the subject.  
> 
> You lost me when you talked about setting tests with negative scores to zero.
> Can you talk a little more about that, please?

All the scores for each test SA runs are in 
/usr/share/spamassassin/50_scores.cf.
There used to be quite a few of these which had negative scores, i.e. would 
make the mail appear less like spam. E.g. Re: as I mentioned above, and 
various user agent headers such as Pine, Mozilla etc.

These now appear to have been removed from the scoring system, presumably 
because they were more harm than use. But I still check to see if any new 
scores are assigned as negative and then decide for myself if that's what I 
want them to be.

> 
> BTW, I noticed in the header of my original message that one of the 
> charter.net clustered mail servers is blacklisted...
> X-RedHat-Blacklist-Warning: Relay 209.225.28.220 is blacklisted by SORBS
> X-RedHat-Spam-Score: 4.8 ****
> 
> Do you think that there are so many spammers with a charter.net domain name 
> that eventually all their mail servers may end up blacklisted...?

That's hard to say. It depends why they have been blacklisted.

> 
> What does "RedHat" in the header info refer to?  Did the RedHat.com list 
> server insert that line, or does it just refer to the operating system?  
> Whose computer inserted that line?
> 

I presume the list has a spam filter and the header was put in there by the 
filter.


-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
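
The check described in the message above (looking through a scores file for tests with negative values, then deciding whether to zero them in user_prefs), as an added example that is not part of the original message. It assumes `score NAME value` lines carrying either one value or four; the sample text, rule names and function names are constructed for illustration.

```python
import re

# Constructed sample in the syntax of a SpamAssassin scores file. Rule names
# and values are illustrative, not copied from any shipped 50_scores.cf.
SAMPLE_SCORES = """\
# header comment
score SUBJ_HAS_RE_EXAMPLE -0.5
score USER_AGENT_EXAMPLE 0 0 -0.3 -0.3
score MICROSOFT_EXECUTABLE 2.0 2.1 1.9 2.0
score DISABLED_EXAMPLE 0
describe SUBJ_HAS_RE_EXAMPLE Subject starts with Re:
score   TRAILING_COMMENT_EXAMPLE  -1.2   # inline comment
score BROKEN_EXAMPLE abc
"""

SCORE_LINE = re.compile(r"^score\s+(\S+)\s+(.+)$")


def negative_rules(text):
    """Return {rule_name: [scores]} for rules with any negative score."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        match = SCORE_LINE.match(line)
        if not match:
            continue                          # describe/header/body lines etc.
        name, fields = match.group(1), match.group(2).split()
        try:
            values = [float(f) for f in fields]
        except ValueError:
            continue                          # not plain numbers: review by hand
        if len(values) not in (1, 4):
            continue                          # assumption: one value or four
        if any(v < 0 for v in values):
            found[name] = values              # a later line replaces an earlier one
        else:
            found.pop(name, None)
    return found


def user_prefs_overrides(text):
    """Candidate user_prefs lines; review each before adopting it."""
    return [f"score {name} 0" for name in sorted(negative_rules(text))]


if __name__ == "__main__":
    # To audit a real install, read the scores file's text and pass it in.
    for line in user_prefs_overrides(SAMPLE_SCORES):
        print(line)
```

A score of 0 disables a test entirely rather than just neutralising it, so the output is a review list, not something to paste in unread.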
