SpamSnake: filter on content rules

Discussion in 'HOWTO-Related Questions' started by padonker, Apr 23, 2009.

  1. padonker

    padonker New Member

    Guys, lately our server is receiving a whole load of spam, which is passed by the SpamSnake as regular mail. The total score is <0.
    The mail contains random words and a hyperlink, which always points to the same domain; interia.pl

    How do I configure the Snake to filter messages with interia.pl in its body?

    Thanks for any hints

    -Patrick-
     
    Last edited: Apr 23, 2009
  2. topdog

    topdog HowtoForge Supporter

    Are you using the sane security clamav signatures ? They should be able to catch such may.

    Also check your rules that are being matched by the message you could have bayes poisoning.

    To catch the message you will have to write a custom spamassassin rule. something like

    Code:
    body MY_INTERIA_RULE /interia\.pl/i
    score MY_INTERIA_RULE 10.0
     
  3. padonker

    padonker New Member

    Thanks,
    In which conf file do I put such a rule?
     
  4. topdog

    topdog HowtoForge Supporter

    /etc/mail/spamassassin/local.cf
     
  5. padonker

    padonker New Member

    Thanks, that worked a lot, but still too much is passed through.
    I noticed that even though they are found on, amongst others, DCC, the score does not reach my defined level of 5.
    I've looked in all config files but cannot find the right place where to tinker with the scores.
    Any suggestions?

    [​IMG]
     
  6. topdog

    topdog HowtoForge Supporter

    Put your custom scores in /etc/mail/spamassassin/local.cf i suggest you raise your razor scores as well, razor is a network check which is expensive on resources have it score at 0.50 is just not efficient.

    I suggest you score anything in razor at 5.0 and above
     
  7. padonker

    padonker New Member

    is there a place where I can look up the syntax for such things? Don't want to bother for every little thingy :eek:
     
  8. topdog

    topdog HowtoForge Supporter

    for the razor rules you need this

    Code:
    score 5.0 RAZOR2_CF_RANGE_51_100
    score 5.0 RAZOR2_CF_RANGE_E4_51_100
    score 5.0 RAZOR2_CHECK
    And yes, if you read the spamassassin documentation as well as the wiki, writing of rules is explained. You can also look at the rules that come with the installation. You will be some basic perl knowledge though to understand them.
     
  9. padonker

    padonker New Member

    excellent! great help :D
     

Share This Page