You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ramprasad <ra...@netcore.co.in> on 2006/06/22 08:39:00 UTC

sudden deluge of university spams

Hi,
  My servers are suddenly facing a deluge of university spams. All that
"get gen uine de grees from pr estigious univers ities"  type 

These mails have no urls or email addresses, just some phone numbers to
call back. And the spammers are using some virgin routes , so they dont
hit the RCVD_IN_* rules too 

For now I have written my own rulesets to catch these mangled words ..
but I am surprised there arent rules in SARE etc to catch such words
already

If anyone has a better Idea please let me know

Thanks
Ram

Re: Confused about sa-update, directory locations

Posted by Kelson <ke...@speed.net>.
Logan Shaw wrote:
> For what it's worth, I haven't added my own rules (yet), but
> I believe those are done in a separate place, so the fact that
> one set is substituted for another shouldn't cause problems.

Yes, local rules go in their own directory, usually /etc/mail/spamassassin

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: Confused about sa-update, directory locations

Posted by Logan Shaw <ls...@emitinc.com>.
On Thu, 22 Jun 2006, Greg McCann wrote:
> ...all of the rule files (10_misc.cf, 20_advance_fee.cf,
> etc...) get installed in /usr/local/share/spamassassin/
>
> However when I do sa-update, all of the updated rules go
> to /var/lib/spamassassin/3.001003/updates_spamassassin_org/,
> giving me two complete sets of rules in two different locations.

Yep.  It's supposed to be that way.  SpamAssassin looks in
/var/lib/spamassassin/{version}/{whatever} first and then in
the install directory.  I'm not positive what the reasoning
is behind this, but I believe the idea is probably to avoid
modifying the installed files.  After all, you might install
SpamAssassin through some kind of package manager like rpm,
and it could throw off the package manager if you go changing
its files.

Plus it's just better form not to modify the ones that came
with the version you have installed.  If something goes awry
and the auto-updated rules get messed up, you can always just
nuke them and fall back to the original ones that came with
the install and have a reasonably-working system.

For what it's worth, I haven't added my own rules (yet), but
I believe those are done in a separate place, so the fact that
one set is substituted for another shouldn't cause problems.

   - Logan

Confused about sa-update, directory locations

Posted by Greg McCann <gr...@cambria.com>.
When I first install SA, with...

cd Mail-SpamAssassin-*
perl Makefile.PL
make
make install

...all of the rule files (10_misc.cf, 20_advance_fee.cf, etc...) get installed in /usr/local/share/spamassassin/

However when I do sa-update, all of the updated rules go to /var/lib/spamassassin/3.001003/updates_spamassassin_org/, giving me two complete sets of rules in two different locations.

To get the updated rule files to go to the same location as the original rule files, I thought I would do "sa-update --updatedir /usr/local/share/spamassassin/".  But that didn't work either. It put the new rule files in /usr/local/share/spamassassin/updates_spamassassin_org/, so I still had two set of rules in two different locations.

Why doesn't the location of the rules directory default to the same place whether I am installing SA or using sa-update?

Second question - there are a couple of files that the original SA installation puts in /usr/local/share/spamassassin/ but sa-update does not put in /var/lib/spamassassin/....

user_prefs.template
triplets.txt
sa-update-pubkey.txt
languages

Does SA need any of these files, and will it miss them since it will load default configuration data from the /var/lib/spamassassin/... directory first?

(From the man page:

      Default configuration data is loaded from the first existing directory
      in:

      /var/lib/spamassassin/3.001003
      /usr/local/share/spamassassin
      /usr/local/share/spamassassin
      /usr/local/share/spamassassin
      /usr/share/spamassassin)

Thank you.


Greg

Re: sudden deluge of university spams

Posted by Kelson <ke...@speed.net>.
Ramprasad wrote:
> Hi,
>   My servers are suddenly facing a deluge of university spams. All that
> "get gen uine de grees from pr estigious univers ities"  type 
> 
> These mails have no urls or email addresses, just some phone numbers to
> call back. And the spammers are using some virgin routes , so they dont
> hit the RCVD_IN_* rules too 

I've been seeing them too, but they're all being caught.  The main rules 
that they seem to hit are Bayes, Razor, SARE_SPEC_DIPLOMA and 
TVD_FUZZY_DEGREE BODY (which I think is one of the rules you get by 
running sa-update).

So my recommendations would be (assuming you haven't done these already):
Run sa-update
Turn on Razor2 and Bayes
Grab the sare_specific ruleset
Run sa-learn on the messages.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>