Spam is a serious problem these days, and if you’ve got VestaCP installed, these SpamAssassin rules will help you significantly reduce spam for all your e-mail accounts.
I have since modified the rules, but full credits go here: http://www.pettingers.org/annoyances/sa-rules.html
SpamAssassin: Let’s get started
Create a new file custom_SA-rules.cf and save that file in /etc/mail/spamassassin/ with the following rules:
# Short-Circuit if found in local blacklist or whitelist
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED)
priority SC_HAM -1000
shortcircuit SC_HAM ham
score SC_HAM -20
endif

# Custom content rules: body/rawbody match the message text, header matches headers, uri matches links
rawbody NO_HTTP /and paste in your browser/i
score NO_HTTP 4.5
describe NO_HTTP No HTTP on link

body STOCKDUMP2 /Investor Alert/i
score STOCKDUMP2 7.0
describe STOCKDUMP2 Pump and Dump Investor Alert

rawbody GEOCITIES1 /\.geocities\.com\//i
score GEOCITIES1 5.0
describe GEOCITIES1 Geocities Link

rawbody GEOCITIES2 /\.geocities\.yahoo\//i
score GEOCITIES2 5.0
describe GEOCITIES2 Geocities Link 2

body SOFTWARESPAM /attachment message\.html/
score SOFTWARESPAM 5.0
describe SOFTWARESPAM leaker software scam

rawbody TRIPOD1 /\.tripod\.com/
score TRIPOD1 5.0
describe TRIPOD1 Tripod Link

body STOCKDUMP5 /investment advice/
score STOCKDUMP5 4.9
describe STOCKDUMP5 Pump and Dump Five

header VIRUS_SPAM Subject =~ /Hidden message/
score VIRUS_SPAM 99.0
describe VIRUS_SPAM Potential virus in attachment

header VIRUS_SPAM2 Subject =~ /Protected message/
score VIRUS_SPAM2 99.0
describe VIRUS_SPAM2 Potential virus in attachment 2

body STOCKDUMP8 /\W[A-Z]{4}\s*\.\s*PK\s/i
score STOCKDUMP8 4.5
describe STOCKDUMP8 Pump and Dump Microcap One

body STOCKDUMP9 /\W[A-Z]{4}\s*\.\s*OB\s/i
score STOCKDUMP9 4.5
describe STOCKDUMP9 Pump and Dump Microcap Two

header BOGUS_THREAD ALL =~ /Thread-Index/i
score BOGUS_THREAD 0.5
describe BOGUS_THREAD Contains Thread-Index in header

body STOCKDUMP13 /Target price/i
score STOCKDUMP13 10.0
describe STOCKDUMP13 Pump and Dump target price

rawbody MALWARE01 /ecard number/i
score MALWARE01 10.0
describe MALWARE01 E-Card Malware Attempt

rawbody NICEG /I am nice girl/i
score NICEG 6.5
describe NICEG Nice Girl mail order bride

body DICT_DUMP_CUSTOM01 /(((\b|\s)[a-z]{4,}\b){7,})/
describe DICT_DUMP_CUSTOM01 Text in non-English syntax-4X7
score DICT_DUMP_CUSTOM01 0.5

body DICT_DUMP_CUSTOM02 /(((\b|\s)[a-z]{5,}\b){7,})/
describe DICT_DUMP_CUSTOM02 Text in non-English syntax-5X7
score DICT_DUMP_CUSTOM02 0.8

body DICT_DUMP_CUSTOM03 /(((\b|\s)[a-z]{5,}\b){8,})/
describe DICT_DUMP_CUSTOM03 Text in non-English syntax-5X8
score DICT_DUMP_CUSTOM03 1.2

header RODENTDROPPINGS1 ALL =~ /SquirrelMail authenticated user/i
score RODENTDROPPINGS1 0.1
describe RODENTDROPPINGS1 Mail from a SquirrelMail account

body SHYSTER_ONE /barrister/i
score SHYSTER_ONE 2.0
describe SHYSTER_ONE Body makes reference to barrister

uri PAGE_AD /pagead\/iclk/i
score PAGE_AD 4.2
describe PAGE_AD Google relay to spamvertized site

uri EXE_FILE /\w\.exe/i
score EXE_FILE 10.0
describe EXE_FILE Potential link to executable

uri BLOGSPLAT /\w\.blogspot\.com/i
score BLOGSPLAT 2.5
describe BLOGSPLAT Contains link to blogspot.com

header RODENTDROPPINGS2 ALL =~ /Internet Messaging Program \(IMP\)/
score RODENTDROPPINGS2 0.1
describe RODENTDROPPINGS2 Mail from an IMP agent

####################
# Bump up some scores that should have low likelihood of FP
score RCVD_IN_BL_SPAMCOP_NET 5.5
score RCVD_IN_SBL 5.5
score RCVD_IN_XBL 5.5
score RCVD_IN_PBL 5.5
score RCVD_IN_DSBL 5.0
score RCVD_IN_SORBS_HTTP 3.5
score RCVD_IN_SORBS_MISC 3.5
score RCVD_IN_SORBS_SMTP 4.5
score RCVD_IN_SORBS_SOCKS 3.5
score RCVD_IN_SORBS_WEB 3.5
score RCVD_IN_SORBS_BLOCK 4.5
score RCVD_IN_SORBS_ZOMBIE 3.5
score RCVD_IN_SORBS_DUL 4.5
score HTML_TAG_BALANCE_BODY 2.0
score HTML_TAG_BALANCE_HEAD 3.0
score HTML_IMAGE_ONLY_04 4.0
score HTML_MESSAGE 0.3
score INVALID_DATE 3.2
score RCVD_IN_NJABL_SPAM 3.5
score RCVD_IN_NJABL_PROXY 5.5
score RCVD_IN_NJABL_RELAY 4.5
score RCVD_IN_NJABL_MULTI 2.5
score RCVD_IN_NJABL_CGI 2.5
score ONLINE_PHARMACY 4.0
score URIBL_SBL 5.5
score URIBL_SC_SURBL 5.5
score URIBL_WS_SURBL 4.9
score URIBL_PH_SURBL 4.9
score URIBL_OB_SURBL 4.9
score URIBL_AB_SURBL 4.9
score URIBL_JP_SURBL 4.9
score URIBL_BLACK 5.0
score SPF_HELO_PASS -1.0
score SPF_PASS -1.0
score RCVD_ILLEGAL_IP 5.0
score RATWARE_RCVD_PF 4.8
score BAYES_99 4.8
score MICROSOFT_EXECUTABLE 20.0
score RDNS_NONE 4.5
score URIBL_RHS_DOB 3.8
score URIBL_DBL_SPAM 5.0
score RCVD_IN_PSBL 5.0
score RP_MATCHES_RCVD 0.0

# Do a summary to give more weight to blacklists
meta CUSTOM_RCVD_IN_MANY (( RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_SBL + RCVD_IN_XBL + RCVD_IN_SORBS_DUL + RCVD_IN_SORBS_SMTP + RCVD_IN_NJABL_RELAY + RCVD_IN_DSBL + RCVD_IN_NJABL_SPAM + RCVD_IN_NJABL_PROXY + RCVD_IN_SORBS_HTTP + RCVD_IN_SORBS_BLOCK + RCVD_IN_PSBL + URIBL_DBL_SPAM) > 2)
describe CUSTOM_RCVD_IN_MANY Message received in more than 2 RBLs
score CUSTOM_RCVD_IN_MANY 5.0

uri FVGT_u_HAS_2LETTERFLDR /\/[a-zA-Z]{2}\//
describe FVGT_u_HAS_2LETTERFLDR FVGT - URL has a 2 letter folder like /ab/
score FVGT_u_HAS_2LETTERFLDR 0.5

header FVGT_s_SINGLE_LETTER Subject =~ /\s[dfghjlmnpqstvwzDFGHJLMNPQSTVWZ]{1}\s/
describe FVGT_s_SINGLE_LETTER FVGT - Single non-vowel separated by spaces
score FVGT_s_SINGLE_LETTER 0.3
Now restart SpamAssassin:
service spamassassin restart
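Several of these rules carry a score that on its own exceeds SpamAssassin's default required_score of 5.0, so a single phrase can push legitimate mail into the spam folder. The following is an added example, not part of the original post: a simplified Python approximation of rule matching (not SpamAssassin's own engine) that parses an excerpt of the rules above and scores a constructed newsletter. The helper names parse_rules, evaluate and preview are hypothetical, and the 5.0 threshold assumes the default has not been changed.

```python
import re

# Excerpt of this page's rules, one directive per line.
RULES = r"""
body STOCKDUMP13 /Target price/i
score STOCKDUMP13 10.0
body STOCKDUMP5 /investment advice/
score STOCKDUMP5 4.9
uri EXE_FILE /\w\.exe/i
score EXE_FILE 10.0
header VIRUS_SPAM Subject =~ /Hidden message/
score VIRUS_SPAM 99.0
"""
REQUIRED_SCORE = 5.0  # assumption: SpamAssassin's default required_score is in use
RULE_RE = re.compile(r"(body|rawbody|uri|header)\s+(\S+)\s+(?:(\S+)\s+=~\s+)?/(.*)/(i?)$")

def parse_rules(text):
    """Return {name: (kind, header_or_None, regex, score)}; unscored rules get 1.0."""
    tests, scores = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := RULE_RE.match(line):
            kind, name, hdr, pat, flag = m.groups()
            tests[name] = (kind, hdr, re.compile(pat, re.I if flag else 0))
        elif line.startswith("score "):
            scores[line.split()[1]] = float(line.split()[2])
    return {n: t + (scores.get(n, 1.0),) for n, t in tests.items()}

def evaluate(rules, headers, body):
    """Approximate scoring: uri rules see only URLs, header rules one header or ALL."""
    urls = " ".join(re.findall(r"https?://\S+", body))
    all_headers = "\n".join(f"{k}: {v}" for k, v in headers.items())
    hits = {}
    for name, (kind, hdr, rx, score) in rules.items():
        if kind == "header":
            target = all_headers if hdr == "ALL" else headers.get(hdr, "")
        else:
            target = urls if kind == "uri" else body
        if rx.search(target):
            hits[name] = score
    return hits, sum(hits.values())

# Constructed sample: an ordinary client newsletter, not spam.
HEADERS = {"Subject": "Quarterly note for clients"}
BODY = ("Our analyst raised the target price for the fund.\n"
        "This is not investment advice. Report: https://example.com/q3.pdf\n")

def preview():
    """Score the sample; returns (hits, total, flagged_as_spam)."""
    hits, total = evaluate(parse_rules(RULES), HEADERS, BODY)
    return hits, total, total >= REQUIRED_SCORE
```

On the server itself, `spamassassin --lint` checks the new file for syntax errors before the restart.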
Further reading
My VestaCP forum post can be found here: http://forum.vestacp.com/viewtopic.php?f=12&t=11271 and if I make any updates I’ll try my best to modify them everywhere.
Hi.. thank you very much… but I have some doubts…. My server is sending some desirable mail to the SPAM folder, when I add to local.cf for example:
whitelist_from_rcvd *@portillo.cl
I still don’t get those e-mails…. Where could the problem be?
Thanks in advance for your help
Hi @gandalf_mtb, VestaCP doesn’t have the ability yet to whitelist email addresses, but if you add this to the custom_SA-rules.cf file then it should work for you:
whitelist_from *@portillo.cl
I have not tested it yet!
Thanks!.. it works… I erased the whitelist_from_rcvd and blacklist_from from local.cf and put them in custom_SA-rules.cf
I used to use Zpanel and I migrated to VestaCP, everything is working great.
Best Regards from Chile!
Hi, if I copy this custom_SA-rules.cf to spamassassin/local.cf, does it work?