Thursday, February 24, 2011

Spamassassin Newsletter

https://admin.fedoraproject.org/mailman/listinfo/spamassassin-news
Spamassassin Sysadmins may be interested in the announce-only Spamassassin Newsletter.  You will receive notifications roughly twice a month summarizing everything new at SpamTips.org.  Rarely you might receive warnings when emergency configuration changes are recommended.  Past reasons have been like, "Old DNSBL has gone dead and now blacklists everyone."

Monday, February 14, 2011

SMF_BRACKETS_TO Rule

Steve Freegard's new rule SMF_BRACKETS_TO seems pretty effective at catching certain recent spam campaigns, roughly 3% of common spam.  While the majority of this spam is already stopped by DNSBL's, this may add a tiny bit of extra confidence in case an unlisted spammer gets through the network rules unscathed.

header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
describe SMF_BRACKETS_TO Double-brackets around To header address
score SMF_BRACKETS_TO 1.5

Friday, February 4, 2011

Rule FSL_RU_URL is dangerous

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6533
This rule was accidentally auto-promoted into the live sa-update rules channel.  It might be very effective against the many .ru URL's common in spam, but it is entirely too prejudiced to be safe as a default rule.  Spamassasin upstream has corrected procedures to prevent an issue like this from happening again, but unfortunately they've been having some temporary problems in pushing a new rule update.  Meanwhile, it might be a good idea to disable this rule in your local.cf.

score FSL_RU_URL 0
On the other hand, if you really never expect to have legitimate mail with a .ru URL, you may want to explicitly include this prejudiced rule in your local.cf.  It is not recommended though.