how often does WH update the spamassassin filters?



Frisky
11-06-2003, 04:48 PM
Anyone happen to know how often the SpamAssassin filters are updated by Westhost? Thanks to the help of the kind folks on this forum, I'm down from well over 300 spams a day, to less than 100.

Problem is, my e-mail client (Eudora 6, with the Spamnix plug-in) is still catching an awful lot of stuff that I would have thought would have been caught by SA and filtered out at the server. Especially since the Spamnix plug-in is based on SA. (works great, btw. Well worth the shareware fee!)

If I'm responsible for updating the filters myself, any guidance that can be provided would be appreciated.

ccwebb
11-06-2003, 06:44 PM
Frisky:

I do not know the answer to your question but are you aware that you can put in your own rules to further reduce your spam email?

Charlie

jalal
11-07-2003, 01:08 AM
I've just upgraded spamassassin to the latest, 2.60 version. I'll be putting details up on my site (much) later today on how to do it and on how to fine tune it.

http://www.gnomedia.com/cw/westhost/

Frisky
11-07-2003, 01:51 AM
Frisky:

I do not know the answer to your question but are you aware that you can put in your own rules to further reduce your spam email?

Charlie
----
Yes, I knew about that, but I'm not familiar enough with *nix configurations (syntax, etc) to want to risk it on my own. I don't mind taking it on with step by step guidance, written in nice, little one syllable words of four letters or less, but on my own, I just don't trust myself. I'm too new to the platform. I am learning, but the curve is steep.

Frisky

ccwebb
11-07-2003, 06:41 AM
Frisky:

Here are two rules - one for the body of the message and one for the subject. You would put these into file /etc/mail/spamassassin/local.cf.

If you are getting spam that has certain words that you can identify then adjust these samples accordingly.

# Trap mail with pills in body
body L_b_pills /(viagra|vicodin)/i
describe L_b_pills screen out viagra or vicodin in body
score L_b_pills 10.00

# Trap mail with pills in subject
header L_h_pills2 Subject =~ /(viagra|vicodin)/i
describe L_h_pills2 screen out viagra or vicodin in subject
score L_h_pills2 10.0

The ten point score is to force the email over the spam threshold.

Give it a try.

Charlie

wildjokerdesign
11-07-2003, 10:24 AM
Hmm... I really wish I would have mentioned to WestHost in the 2.0 questionnaire that it would be great if they could add a user-friendly interface for adding what ccwebb suggests. They could call it Trap Body Words and Trap Subject Words. Maybe they will read this... :)

qwerty
11-13-2003, 08:59 AM
jalal, did not see your Spamassassin 2.6 install notes on

http://www.gnomedia.com/cw/westhost/

Was it a pretty easy update to the 2.52 version running on WH2.0 SiteManager install?

jalal
11-13-2003, 09:17 AM
Yes, it was pretty straightforward.

And the notes are done, just need uploading. I found there was a bunch of other stuff I needed to add as well so it just took a little longer than I expected... this evening looks like a possibility.

8)

Frisky
11-14-2003, 01:54 PM
I think I found an easy way to add all these rules. I use Eudora as my e-mail client, along with a plug-in which is based on Spamassassin, called Spamnix. I don't know if this is going to work or not, since I'm pretty green about how things like this work, but I know the Spamnix plugin has been pretty reliable about its filtering on the client side. I'm hopeful that its "rules" will prove equally effective on the server side. All I have to do now is figure out how to ensure that the rules actually result in the mail being tagged in such a way that they get filtered out, rather than just sent onwards to me with the report that they are spam.

What I did was, I opened up the plug-in and copied all the rules (and the local.cf file that was also there, which calls those rules) to /etc/mail/spamassassin

When I tried it with the local.cf file that was there, the rules were dutifully executed and all of my spam came with the "Spamnix Report" appended to the end of them, so I'm hopeful that these rules, combined with the procmail edits FZ gave me earlier, will cut me below the 200 S.A.D. (spams a day) mark. I'll let you know.

Frisky

Frisky
11-14-2003, 02:07 PM
Nope. Didn't work. Just got one, faithfully marked with the spam report, but I would much prefer to have that sent off to /dev/null (what exactly is /dev/null anyway? I've seen it here and from the context, I'm assuming it's the equivalent of the intergalactic bit-bucket?).

In any event, I'm convinced I'm on the right track. Maybe I just need to add something to my procmailrc that will recognize the report? The format is consistent, so I can't imagine that it would be hard to do (could it?)

Frisky

jalal
11-14-2003, 03:16 PM
Notes on upgrading SpamAssassin are in place:

http://www.gnomedia.com/cw/westhost/spamtips.php

Let me know of any problems or things I've missed.

torrin
11-14-2003, 04:13 PM
. . . I would much prefer to have that sent off to /dev/null (what exactly is /dev/null anyway? I've seen it here and from the context, I'm assuming it's the equivalent of the intergalactic bit-bucket?).

The /dev/null answer is in the post linked below. Sorry, don't know anything about spamassassin.

http://forums.westhost.com/phpBB2/viewtopic.php?p=7241#7241

Frisky
11-14-2003, 04:22 PM
Cool! This not only explains the /dev/null for me, but it sounds like a variation on this would actually accomplish what I want to do.

I'd like to have a specific string matched in the body of the messages, AFTER it's been through SA, which will tell procmail to send the message off to nowhere.

Any suggestions? The rules I mentioned earlier always append a specific string to the bottom of the message. Is there a way I could leverage that to act as a filter?

Frisky

FZ
11-15-2003, 10:33 AM
If I understand correctly what it is you want to do, there are two ways you can do it:

1. If you are already filtering mail with a high SpamAssassin score, then all you need to do is assign a higher score to mail that contains the string (i.e. edit your user_prefs or local.cf to give the relevant SpamAssassin test a high enough score for it to be filtered).

OR

2. You can use Procmail to match the string in the body of the message like this:


:0B:
* ^Lose weight now$
/dev/null


As usual, make sure to test it thoroughly (and filter to a file instead of /dev/null). Just in case you do not know, the ^ marks the beginning of the line, and $ marks the end of it. If you need to match the string anywhere in the body, then just remove these two characters - just keep in mind that your string should be something you would never see in legitimate mail!
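
Added example (not part of FZ's post or the original thread): a shell sketch for trying a body pattern against saved messages before it goes into a recipe, comparing the anchored and unanchored forms FZ describes. It approximates procmail's case-insensitive body matching with grep; the sample messages and the function names are constructed for illustration.

```shell
#!/bin/sh
# Approximate procmail's "B" (body) condition with grep so a pattern can be
# tried on saved messages first. procmail conditions ignore case by default,
# hence grep -i. This is an approximation, not procmail itself.

# Print only the body: everything after the first empty line.
body_of() {
    awk 'in_body { print } /^$/ { in_body = 1 }' "$1"
}

# would_match PATTERN FILE -> prints "match" or "no-match"
would_match() {
    if body_of "$2" | grep -Eiq -- "$1"; then
        echo match
    else
        echo no-match
    fi
}

# Constructed sample messages (not real mail).
SAMPLES=$(mktemp -d)
printf '%s\n' 'From: a@example.com' 'Subject: hi' '' \
    'Lose weight now' 'Click here' > "$SAMPLES/spam_exact"
printf '%s\n' 'From: b@example.com' 'Subject: offer' '' \
    '*** LOSE WEIGHT NOW with our pills ***' > "$SAMPLES/spam_embedded"
printf '%s\n' 'From: friend@example.com' 'Subject: Lose weight now' '' \
    'My doctor told me to lose weight now, so no cake for me.' \
    > "$SAMPLES/ham_quoting"
printf '%s\n' 'From: c@example.com' 'Subject: lunch' '' \
    'See you at noon.' > "$SAMPLES/ham_plain"

# One line per sample: result for the anchored and the unanchored pattern.
report() {
    for f in spam_exact spam_embedded ham_quoting ham_plain; do
        printf '%-14s anchored=%-9s unanchored=%s\n' "$f" \
            "$(would_match '^Lose weight now$' "$SAMPLES/$f")" \
            "$(would_match 'Lose weight now' "$SAMPLES/$f")"
    done
}
report
```

The ham_quoting sample is the case to watch: the unanchored pattern matches a legitimate sentence, which is why delivering to a file first is safer than /dev/null.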

Frisky
11-15-2003, 06:20 PM
Notes on upgrading SpamAssassin are in place:

http://www.gnomedia.com/cw/westhost/spamtips.php

Let me know of any problems or things I've missed.
---
I've been trying your spamassassin upgrade, since now I'm getting lots of stuff that's not getting tagged as spam, as well. I've been following your instructions, but when I came to the Makefile.PL instructions, here's what happened:

[drwp][~/src/Mail-SpamAssassin-2.60]$ make -f Makefile.PL PREFIX=/sa SYSCONFDIR=/saconf
Makefile.PL:1: *** missing separator. Stop.
[drwp][~/src/Mail-SpamAssassin-2.60]$

Any ideas as to what I am doing wrong?

Frisky

Frisky
11-15-2003, 06:31 PM
I should mention, my entry is all on one line. I didn't really use a return after the PREFIX=/sa and the SYSCONFDIR=/saconf

frisky

jalal
11-16-2003, 02:38 AM
Yes, I seem to have typed the instructions wrongly. What you need to do is:

$ perl Makefile.PL PREFIX=/sa SYSCONFDIR=/saconf
$ make
$ make install

Sorry 'bout that, I've updated the page as well. Thanks for letting me know.

Frisky
11-16-2003, 06:16 AM
Thanks, Jalal. I feel better about my ability to follow simple instructions now.

It seems to have installed okay, although I did get a warning about the version of perl and the probability that the install would fail. Beyond me, but hopefully this will help. Between the time I went to bed last night, and the time I got up this morning, 77 pieces of e-mail arrived at my inbox, 74 of which were spam. Eudora properly flagged all of them as they arrived, yet my original SA version let them all through as ham.

Just out of curiosity, if (for some reason) it becomes necessary to restore the original SA version, will there be instructions on your site for that as well? I don't see that happening, but as I've said, I'm new to the CLI.

Frisky

jalal
11-16-2003, 06:51 AM
Well, it's in /etc/procmailrc that you point procmail to use the newly installed spamassassin; you can just undo the changes there.

If you renamed the old spamassassin binary, name it back:

mv spamassassin-2.52 spamassassin

and point procmail back to that
i.e. in procmailrc from
....
| /sa/bin/spamassassin

to
....
| /spamassassin

Basically we are installing the new spamassassin in parallel with the old one, so switching between the two should be easy. And, when you get mail that is tagged in your mail box, there should be a line giving the version of spamassassin used, which should, after the changes, be 2.60

I've cut my reception of spam down from 200-300 a day to about 10-20 a day. Annoying, but manageable.

dansroka
11-20-2003, 04:40 PM
Jalal, thanks for posting your webpage on how to update Spamassassin. Unfortunately, I also had trouble running it all the way through. At the end of the first "make" command, I get the following:


checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.
./configure: sort: command not found
./configure: sort: command not found
make: *** [spamd/binaries.mk] Error 1


On a whim, I proceeded with the "make install" and got the same message. When I checked my root directory, I couldn't find either /sa or /saconf.

Any thoughts on what happened?
Thanks!

FZ
11-20-2003, 04:53 PM
dansroka,

You need to install the GNU Compiler Collection (the "GCC" that could not be found in the first line of the code you pasted): log in to your Site Manager, click on Site Applications > Development > GNU Compiler Collection. Then repeat the process described on Jalal's web site.

dansroka
11-20-2003, 05:03 PM
Thanks FZ. I added the GCC and the make went without a hitch. Thanks for the quick help!

FZ
11-20-2003, 05:13 PM
No problem ;)