You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Available Custom Rulesets

Listed below are several custom rulesets that are available as "drop in" .cf files. These rules are not part of the official SpamAssassin distribution. Before running these rules please do the following:

  1. Read any extra info available with the rules, including the comments in the .cf files. 2. Check to make sure that the default scores in these rules fit your installation. You might want to modify scores. 3. Make sure to --lint the rules after loading them. 4. Test the new rulesets. Keep an eye on hits from the new rules to determine if the scoring is right for you.

Use at your own risk.

Status Information BR Active: Ruleset is actively updated and maintained BR Locked: Ruleset is not actively updated, but is fine to run and considered "stable" BR Defunct: Ruleset is no longer maintained, may be out of date or have problems BR BR Auto-update: Author/Maintainer has given permission to use scripts to automate the download of the ruleset BR Please respect the wishes of the authors and/or the site hosts

antidrug.cf BR antidrug.cf is a set of rules designed to catch those pesky "pill spams".BR Created by: Matt Kettler BR Contact: TBD BR License Type: TBD BR Status: TBD BR Auto-update: TBD BR Available at: http://mywebpages.comcast.net/mkettler/sa/antidrug.cf BR Mirror: TBD BR Note: Matt Kettler says "It may not be appropriate for a medical or pharmecutical environment. If in doubt, adjust the scores of all the rules to 0.01 and see if they fire off on your daily nonspam."

backhair.cf[BR] backhair is a set of rules designed to catch those ugly, unsightly HTML tags. [BR] Created by: Jennifer Wheeler [BR] Contact: TBD [BR] License Type: TBD [BR] Status: Locked [BR] Auto-update: No [BR] Available at: http://www.emtinc.net/includes/backhair.cf [BR] Mirror: [http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm merchantoverseas.com][BR] More information on Jennifer's rules: http://www.emtinc.net/spamhammers.htm [BR] NOTE: DO NOT DOWNLOAD VIA RULES DU JOUR OR ANY AUTOMATED SCRIPTS - This set is no longer being updated, but is considered "stable"[BR] Note: This is a fairly aggressive ruleset that can hit on UUencoded attachments...

bigevil.cfBR bigevil is a set of URIs that have been found in spam messages.BR Created by: Chris Santerre BR Contact: TBD BR License Type: TBD BR Status: Active BR Auto-update: TBD BR Available at: http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf BR Mirror: TBD BR Extras: Chris has been kind enough to mirror many of these rulesets on his site, as well as many other custom rulesBR More information on Chris' rules: http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm BR Note: bigevil has gone through a lot of tweaking to lower the memory required to run this large list, this is very helpful is you have a high volume of mail to handle.

bogus-virus-warnings.cf BR bogus-virus-warnings tries to pick out 'collateral spam' caused by viruses. BR Created by: Tim Jackson with contributions from othersBR Contact: TBD BR License Type: TBD BR Status: TBD BR Auto-update: Yes BR Available at: http://www.timj.co.uk/linux/bogus-virus-warnings.cf BR Mirror: TBD BR More information on Tim's rules: http://www.timj.co.uk/linux/sa.php BR Note: Main aim is to catch warnings generated by virus scanners along the lines of "you sent us virus", which are sent to the (usually faked) 'senders' of virus-infected e-mails. Contains many "black-and-white" very-high-scoring rules. (see also http://www.exit0.us/index.php/VirusBounceRules)

chickenpox.cf [or th.is kind of garb+age"[BR] chickenpox is a set of rules designed to catch spam like "l.ooks f] Created by: Jennifer Wheeler [BR] Contact: TBD [BR] License Type: TBD [BR] Status: Locked [BR] Auto-update: No [BR] Available at: http://www.emtinc.net/includes/chickenpox.cf [BR] Mirror: [http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm merchantoverseas.com][BR] NOTE: DO NOT DOWNLOAD VIA RULES DU JOUR OR ANY AUTOMATED SCRIPTS - This set is no longer being updated, but is considered "stable"[BR] More information on Jennifer's rules: http://www.emtinc.net/spamhammers.htm

evilnumbers.cf [BR] evilnumbers is a collection of phone numbers, PO boxes and street addresses harvested from spam.[BR] Created by: Matt Yackley [BR] Contact: sare@yackley.org [BR] License Type: TBD [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 12 hours [BR] Available at: http://www.yackley.org/sa-rules/evilnumbers.cf [BR] Extras: Localized language packs available at the link below. [BR] Mirror: [http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm merchantoverseas.com][BR] More information on Matt Yackley's rules: http://www.yackley.org/sa-rules

sa-blacklist [BR] sa-blacklist is a large set of blacklist entries of domains and IP addresses. [BR] Created by: William Stearns [BR] Contact: wstearns@pobox.com [BR] License Type: GPL [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours [BR] Auto-update: Preferred method rsync via zaphod.stearns.org::wstearns/sa-blacklist/ [BR] Available at: http://www.stearns.org/sa-blacklist/sa-blacklist.current [BR] Available at: ftp://ftp.stearns.org/pub/wstearns/sa-blacklist/sa-blacklist.current [BR] Mirror: [ftp://ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com] [BR] More information on Bill's rules: http://www.stearns.org/sa-blacklist/README [BR] Note: These are blacklist entries and will tag emails on their own! This link is not a .cf file, you will need to save it with a .cf extension.

sa-blacklist-uri.cf [BR] sa-blacklist-uri is a large set of URIs [BR] Created by: William Stearns [BR] Contact: wstearns@pobox.com [BR] License Type: GPL [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours [BR] Auto-update: Preferred method rsync via zaphod.stearns.org::wstearns/sa-blacklist/ [BR] Available at: http://www.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf [BR] Available at: ftp://ftp.stearns.org/pub/wstearns/sa-blacklist/sa-blacklist.current.uri.cf [BR] More information on Bill's rules: http://www.stearns.org/sa-blacklist/README [BR] Mirror: [ftp://ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com] [BR] Note: The idea behind this list is similar to bigevil, but are pulled together from different spam. These rules are "flat" ie, one entry per rule, which uses more memory than combining multiple entries into one rule. This should not be an issue if you have lots of memory or a lighter mail load.

sa-random.cf [BR] sa-random searches for spamware mistakes like: %RANDOM_WORD [BR] Created by: William Stearns [BR] Contact: wstearns@pobox.com [BR] License Type: GPL [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours [BR] Auto-update: Preferred method rsync via zaphod.stearns.org::wstearns/sa-blacklist/ [BR] Available at: http://www.stearns.org/sa-blacklist/random.current.cf [BR] Available at: ftp://ftp.stearns.org/pub/wstearns/sa-blacklist/random.current.cf [BR] Mirror: [ftp://ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com] [BR] More information on Bill's rules: http://www.stearns.org/sa-blacklist/README [BR]

tripwire.cf BR tripwire searches for 3 characters that shouldn't be together.BR Created by: Fred T. BR Contact: TBD BR License Type: TBD BR Status: TBD BR Auto-update: TBD BR Available at: http://www.merchantsoverseas.com/wwwroot/gorilla/99_FVGT_Tripwire.cf BR Mirror: TBD BR Note: These rules are based on the English language, due to the number of rules that can be triggered, problem have been reported by exim users that it can cause the header to go over the byte limit of the exim header limits, also MS Outlook can have problems with rules that look for "message headers" due to a unknown size limit in the amount of headers it will search.

weeds.cf 1&2 [BR] weeds looks for alphabet decimal and hex characters, lower and uppercase. [BR] Created by: Jennifer Wheeler[BR] Contact: TBD [BR] License Type: TBD [BR] Status: Locked [BR] Auto-update: No [BR] Available at: http://www.emtinc.net/includes/weeds.cf or set 2 at: http://www.emtinc.net/includes/weeds_2.cf [BR] Mirror: [http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm merchantoverseas.com][BR] More information on Jennifer's rules: http://www.emtinc.net/spamhammers.htm [BR] NOTE: DO NOT DOWNLOAD VIA RULES DU JOUR OR ANY AUTOMATED SCRIPTS - This set is no longer being updated, but is considered "stable"[BR] Note: Weeds2 is a more restrictive set, DO NOT run both sets at the same time.

Automatic Updates BR If you find these rulesets useful and get tired of downloading updates, Chris Thielen, has kindly provided a shell script to automatically update these sets. You can find the script and instructions at: http://www.exit0.us/index.php/RulesDuJour

Additional collections BR Here are some additional collections of custom rulesets:

Chris Santerre has a collection of custom rules available at the SpamAssassin Custom Rule Emporium - http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm

There's an additional SpamAssassin wiki at http://www.exit0.us . This wiki seems more focused on rules and includes a German Ruleset.

BR

  • No labels