You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jaysen Johnson <ja...@gmail.com> on 2006/12/03 22:16:40 UTC
Custom Rules
Hello,
I have been asked by my boss to setup SpamAssassin on the corporate email server with the following rules. A single header should record the cumulative scores for the following:
SPF record not available or not accurate for the sending server- 2 points
Date in the mail header more than 10 minutes out of sync - 1 point
Date in the mail header more than 30 mintues out of sync - 2 points
>From address contains only email address - 1 point
for example flag these xxx@domain.com or <xx...@domain.com> not "X X"
<xx...@domain.com>
Since I am new to SpamAssassin, I am not sure where to begin or if this is even possible. If someone could assist me in setting up these rules I would be greatful.
Regards,
Jaysen B. Johnson
Re: Custom Rules
Posted by Jonas Eckerman <jo...@frukt.org>.
Jaysen Johnson wrote:
> Date in the mail header more than 10 minutes out of sync - 1 point
> Date in the mail header more than 30 mintues out of sync - 2 points
Out of sync with what?
There's nothing meaningful to compare the dates to that can show you that they are 10 or 30 minutes ot of sync with whatrever.
The actual "Date:" header should be created when the users saves the mail to the mail clients outgoing queue.
If the user has a dial-up connection, it might well be hours (sometimes days) before (s)he decides to send the outgoing mails to a server, so you can expect a long delay between the "Date:" field and the first "Received:" field.
In each server the mail passes it might be delayed. Servers usually tries to send mail as fast as possible, but more that 10 minutes delay is perfectly normal, and more than 30 minues isn't that uncommon.
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
Re: Custom Rules
Posted by Jo Rhett <jr...@netconsonance.com>.
Jaysen Johnson wrote:
> Hello,
>
> I have been asked by my boss to setup SpamAssassin on the corporate
> email server with the following rules. A single header should record the
> cumulative scores for the following:
>
> SPF record not available or not accurate for the sending server- 2 points
No. The current module just returns false if it can't find SPF results.
You could submit at patch for /Mail/SpamAssassin/Plugin/SPF.pm
to fix that.
(I just might, since I agree with your logic but it's not as high on my
list as other things)
> Date in the mail header more than 10 minutes out of sync - 1 point
> Date in the mail header more than 30 mintues out of sync - 2 points
No. The rules which deal with dates are:
describe DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
describe DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
describe DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
...etc
And I doubt that a 10-minute variance will catch a lot of spam, really.
It will absolutely catch a lot of ham, especially messages which are
queued and sent later (person working disconnected on a laptop)
> From address contains only email address - 1 point
> for example flag these xxx@domain.com <ma...@domain.com> or
> <xxx@domain.com <ma...@domain.com>> not "X X"
> <xx@domain.com <ma...@domain.com>>
score NO_REAL_NAME 1
There is no matching for From header mapping, but you can add your own
header FROM_ADDRESS_EQ_REAL From =~ /^\s*"([^"@]+\@[^"@]+)"\s+<\1>\s*$/i
describe FROM_ADDRESS_EQ_REAL To: repeats address as real name
score FROM_ADDRESS_EQ_REAL 1
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Custom Rules
Posted by Theo Van Dinter <fe...@apache.org>.
On Sun, Dec 03, 2006 at 01:16:40PM -0800, Jaysen Johnson wrote:
> SPF record not available or not accurate for the sending server- 2 points
Check out the current SPF rules. Not available may need some plugin changes.
> Date in the mail header more than 10 minutes out of sync - 1 point
> Date in the mail header more than 30 mintues out of sync - 2 points
What does this mean? That the Date header, after timezone standardization,
says the message is > X minutes old? If so, that's going to be a bad rule
since a mail can be delayed at any point during its travels to the
destination.
--
Randomly Selected Tagline:
"It's a chicken finger device." - Theo, looking at entree
Re: Custom Rules
Posted by "John D. Hardin" <jh...@impsec.org>.
On Sun, 3 Dec 2006, Jaysen Johnson wrote:
> I have been asked by my boss to setup SpamAssassin on the
> corporate email server with the following rules.
> Date in the mail header more than 10 minutes out of sync - 1 point
> Date in the mail header more than 30 mintues out of sync - 2 points
You need to gently adjust your boss' expectations for the promptness
of email delivery.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Men by their constitutions are naturally divided in to two parties:
1. Those who fear and distrust the people and wish to draw all
powers from them into the hands of the higher classes. 2. Those who
identify themselves with the people, have confidence in them,
cherish and consider them as the most honest and safe, although not
the most wise, depository of the public interests.
-- Thomas Jefferson
-----------------------------------------------------------------------
12 days until Bill of Rights day