[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spamassassin rules for swen? [Re: getting viruses/spam after posting to this list]

On Thu, 2003-10-16 at 08:51, Michael A. Miller wrote:
> >>>>> "Amal" == Amal Phadke <NOSPAM@NOSUCHHOST.hydrodyn.org> writes:
>     > I am currently using combination of Spamassassin and access
>     > control via /etc/mail/access (I use sendmail) with good
>     > success. Now "MS Patches" are down to one or two per
>     > day. Before I used to get about 80 or more in a day.
> What spamassassin rules are you using for swen?  After googling
> for a while, I assembled the following rules that seem to work
> pretty well.  But I wonder if there is something more elegant
> that I could do.  For example, I expect this message to get
> scored high when spamassassin sees the body ;-)

Spamassassin uses bayesian filtering now, at least in unstable.  So just
collect a whole pile of spam, and collect a whole pile of ham (real
mail) and feed it to sa-learn.  Read 'man sa-learn' for all the details.

In brief:

sa-learn --spam <directory where you store spam>
sa-learn --spam --mbox <mbox-file of spam>


sa-learn --ham <directory where your real e-mail is>
sa-learn --ham --mbox <mbox-file of real e-mail>

Hope that helps.


> Mike
> body  SWENVIRUS          /allow an malicious user to run code on your computer/
> score SWENVIRUS          +5.5
> body  SWENVIRUS2         /Microsoft C.*mer/i
> score SWENVIRUS2         +2
> body  SWENVIRUS3         /You don't need to do anything after installing this item/i
> score SWENVIRUS3         +2
> header SWENHEADER        Subject =~ /Microsoft Critical/i
> score  SWENHEADER        +2
> header SWENHEADER2       Subject =~ /New Microsoft Security Update/i
> score  SWENHEADER2       +2

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: