PDA

View Full Version : complete newbie here - please have mercy and help!



Frisky
10-29-2003, 01:25 PM
In preparation for attempting some of the procmail edit's I've seen here, I need to do some tweaking of my SpamAssassin setting, apparantly. Like everyone else, I'm desperate because of 15-20 spams for each good message.

In any event, I need to know what to do if I want SA to NOT flag as spam any e-mails with a specific subject line. I'm using formmail to handle several forms on my site and the ideal solution would be to have it automatically not flag as spam anything that was processed by formmail.

I'll settle for anything that will recognize specific subject lines, though. After I've got that set up, hopefully someone will be able to help with the procmail edits too.

Remember, I'm a complete newbie who's desperate! Use nice little one syllable words of four letters or less, so I'll understand what you're trying to tell me to do.

Thanks!
Frisky

jalal
10-29-2003, 03:02 PM
Have you tried looking at Spamassassin's website?
They have an excellent set of documentation that will guide you quickly and easily to achieve what you desire.
Basically, to get you started, you want to add a new rule to your /etc/mail/spamassassin/local.cf file. The rule will check for the existence of a particular string in the subject line.

See more at: www.spamassassin.org

JDE
10-29-2003, 03:24 PM
I don't think spamassassin has a rule to detect non spam by default using the subject line, it is possible. You will have to enter a new rule, I'm not sure how this is done with WH since my account is in the malfunction mode but on another host I have the rules are in the file rules.cf. There are some good subject line rule examples for detecting HAM (non spam) at: http://www.darkmere.gen.nz/2002/0628.html

Possibly someone can tell you where and which file on WH you insert rules.
Johnie

Frisky
10-30-2003, 01:22 AM
Hi Jalal and JDE.
I've been to the SA website and I'm afraid it's a bit above me. Actually, a lot above me. I understand the whole idea of "paths" to get to the files I need to edit, but the Westhost servers seem to use different paths than they refer to on the SA site.

I'll check the file you refered to jalal, but even after I find it, I still need to know how the syntax works. I don't have a clue and I'm afraid I'll break something by mucking around that deep in the program. I'll also take your advice to check out their site in more detail after work today.

Frisky

jalal
10-30-2003, 02:04 AM
Hi Frisky.

The file that you modify is
/etc/mail/spamassassin/local.cf

What you need to add is something like:
==============
header MYWORD_IN_SUBJECT Subject =~ [some test for string]
describe MYWORD_IN_SUBJECT Subject line contains keyword
score MYWORD_IN_SUBJECT -6.0
==============
The '-6.0' is just to make sure that it doesn't reach the spam level, you could make -9.0 if you really want to be sure.
Look at the URL that Johnie gave you for some sample tests and adapt one of them.
And, check it!

hipstergk
10-30-2003, 07:07 AM
hi there frisky!

if i'm correct, i think you can only change the spamassassin config file to have an effect on your default email address (i.e. domain@domain.com). if your sending results from your forms to any another address at your domain, i'm not sure this will work.

what about something like this, i'm new to procmail myself so i'm throwing this out there. you could have spamassassin set a score threshold of something like 5 (default) and use a procmail file to then filter anything out scoring above 5. this will filter spam from all your email accounts, and not just domain@domain.com. you could then use the procmail file to search the filtered spam for a specific subject line (one matching your formmail) and keep those emails, while discarding all the other spam.

like i said, still new to this so not sure if this will even work. i'll try and come up with some code to play with...see if anything works.

hipstergk
10-30-2003, 07:57 AM
hi there again

just curious, what are the chances of mail sent via your forms actually being considered spam? my site uses a spamassassin setting of 5 with 2 forms on my site, and it filters out spam pretty good. it filters out about 200-300 emails a day across 13 email addresses, and not once has a legit email been dumped. yeah you'll still get some spam in, but the percentages will be much lower than before...and you can always play with the score threshold (lowering/raising depending on how it works for ya). so as long as you're pretty sure your formmail shouldn't be considered spam, you could get away with just having a procmail file filter out anything above your spamassassin setting.

FZ
10-30-2003, 11:03 AM
Frisky,

If the e-mails you don't want to run through SpamAssassin are always from the same address, or always have the same subject - i.e. any easy differentiating "fingerprint", then you can add a simple Procmail rule to your global Procmail file: /etc/procmailrc - you could change the existing block that sends mail to SpamAssassin to exclude mail with a specific subject, etc. (i.e. anything that does not have that "fingerprint"). Since you say you are a complete newbie, I'd be willing to help you with this, but I obviously need more details from you.

I can understand not wanting to create new SpamAssassin rules, etc. Those are above me too (well okay, if I put my mind to it I could do it, but I am just too darn lazy). Besides, if you can do it with Procmail so simply, why bother?

Hope that helps.

FZ
10-30-2003, 11:11 AM
hipstergk,

You can always add exclusion rules to SpamAssassin, or even to Procmail (as above) so that specified incoming e-mail is not touched at all - that way you don't need to worry at all. And about that domain@domain.com SpamAssassin config, please refer to my reply here: http://forums.westhost.com/phpBB2/viewtopic.php?p=7290#7290

Frisky
10-30-2003, 12:32 PM
hipstergk and fz,

yes, all of the stuff that's absolutely "mission critical" would have the same "fingerprint". Either the same subject line, or the same referer, or both, depending on whether it was from an e-mail link, or my online form.

For example, one of my forms is set to deliver the to me with the subject line:

Dachshund(s) needing home submission

I've had several tagged as spam, usually because the person filling out the form has used all caps in their e-mail address, or they are using an e-mail address that ends in numbers, or both. Yet, despite the fact that most spams come with those types of addresses, I need to ensure that everything that has those words in the subject line does not get flagged as spam. Otherwise, I might end up sending an animal in need off to /dev/null (?).

There are other subjects that I would want to add, but this one is probably the most important one across my entire site.

Frisky

hipstergk
10-30-2003, 01:50 PM
oops! :wink:

hipstergk
10-30-2003, 02:12 PM
ok, i think i'm gettin' a grasp of this...

i've got one form on my site as well that must get through, so i've been playin' around with my procmail file and have come up with something that works.


MAILDIR=/
LOGFILE=procmail.log
#VERBOSE=YES
LOGABSTRACT=YES
SHELL=/bin/sh

:0
* ^X-Spam-Flag: YES
* !^Subject: .*whatever your subject is.*
mail/rejected

* ^X-Spam-Flag: YES says lets look at everything thats considered spam

* !^Subject: .*whatever your subject is.* says with the exception of any email with the specified subject

mail/rejected says lets throw any email considered spam without that specified subject into a folder called rejected.

i went and tested it out with some email:
1 regular email i was sure should go through
1 spam email that should be bounced to my rejected folder &
1 spam email w/ my specified subject line that should get through now

and all did as expected! ya!

so you should be able to take the code above and save it to a file called .procmailrc using a text editor such as notepad. make sure to change the subject, and if you'd rather not save the spam you can change the line mail/rejected to /dev/null, but be carefull...this will delete anything considered spam by spamassassin.

you'll then want to upload the file to your root folder /, make sure you do this in ASCII mode not binary. once you have the file upload you'll need to CHMOD the file to 644.

voila, send some test email to check it out...hope this helps frisky

and fz, when you check this out, please let me know if i've messed it up in any way. so far so good on my site.

FZ
10-30-2003, 02:19 PM
hey hipstergk,

Looks good, except one small mistake ;) Well, it's not a mistake, rather just a little bit of redundant code. The .* after "... subject is" is redundant. You can remove it, and Procmail will still match the subject (even if it has text after the 'is'). Good job. I'm going to post my method now though, which is slightly different to yours...

FZ
10-30-2003, 02:25 PM
Just to get you started, open up the procmailrc file in the /etc folder with a text editor. You should make a backup copy of the existing one before you overwrite/make changes. Look for the following code block near the end of the file:


# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0
* ! ^FROM_DAEMON
* < 256000
{
:0 fw: /var/lock/spamassassin.lock
| /spamassassin
}
# END SPAMASSASSIN BLOCK

Now, since you want to filter by subject, you need to "change" the following:


* ! ^FROM_DAEMON

so that it reads:


* ! ^FROM_DAEMON
* ! ^Subject: Dachshund\(s\) needing home submission$


i.e. you are just adding that extra line below it.

Just a short explanation of what that is doing: the * marks that this is a condition - since we already have a * line before this, this line becomes an AND condition. The ! means NOT (inverse) condition. ^ marks the start of the line, and the rest of the line is obvious: it is just matching that EXACT subject text. The $ at the end signals that an end of line/new line character should be found straight after the 'n' from 'submission'. Since brackets have special meaning, we need to escape them with a \ (backslash). Of course, you can modify this as needed, and you can add as many of these lines as you need. So in this case, an e-mail with that exact subject is not even processed by SpamAssassin - it is simply "left alone" with no modification whatsoever.

As noted in almost all other Procmail posts, and by hipstergk above, if you are using FTP for this, you need to upload the file in ASCII/plain text mode, and once you are done uploading it, you need to CHMOD 644 procmailrc

If there are other things you need to exclude by, e.g. To: or From:, etc. let me know and I'll help you out with those as well.

Frisky
10-30-2003, 02:41 PM
I'll give this a try and see how it works. After backing up what's there, of course. I've seen that little bit of advice too often to risk ignoring it!

If I need to add additional subject lines, would I simply create another * ! ^Subject: line underneath the first one, or would I need to make it an extension of the first one? I'll actually be adding 5 or 6 additional subjects in the future, but this one was the most critical.

Thanks Fayez! I owe ya! (you too, hipstergk!)

Frisky

Frisky
10-30-2003, 02:47 PM
BTW - what about the "spamassassin lock" notation in the file? Does that remain there, or should it be removed? I do get quite a few attachments, some in the multi-meg size range.

FZ
10-30-2003, 02:56 PM
No problem, Frisky.

Since you need to do an "AND NOT" condition on each one, you need to add it below the first one, like this:


# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0
* ! ^FROM_DAEMON
* ! ^Subject: Dachshund\(s\) needing home submission$
* ! ^Subject: Subject number two$
* ! ^Subject: Subject number three$
* ! ^Subject: And so on$
* < 256000
{
:0 fw: /var/lock/spamassassin.lock
| /spamassassin
}
# END SPAMASSASSIN BLOCK


I've put the whole block there to answer your other post: you should not change anything else there. That * < 256000 is a condition that tells Procmail that only mail less than 256kb in size should be processed by SpamAssassin. So don't worry, your multi-meg files are not processed!

Frisky
10-30-2003, 03:19 PM
That's exactly what I needed! Once I've got my "mission critical" stuff set up to pass through unmolested, I don't mind if I lose an occassional valid e-mail to /dev/null.

Once I've got this set up for my subject lines, I think I already saw the instructions for having the stuff SA flags as spam deleted automatically.

If you ever find yourself in northern Florida, I want to shake your hand!

Frisky

FZ
10-30-2003, 03:49 PM
I'm glad that helped you :D And thanks for the offer, I'll keep it in mind the next time I am in the States (probably 2004/2005) ;)