Paul Matthews wrote:
> Hi there,
>
> I've just installed spam assassin and it's working okay, but some spam is
> still getting in, I only have like 3 rules at the moment that I added in,

Care to specify which ones?

> is there a list of pretty safe rules out there that I could just copy into
> my local.cf SA file?

Well, I usually don't copy rules into my local.cf, I copy whole rulefiles at a time. (SA will parse all the .cf files in /etc/mail/spamassassin, not just local.cf. So all you need to do is download the .cf files).

In general, I would suggest not adding on ANY rules to start with. Only use the default set for a little bit, to get a feel for what works for you.

Also, make sure you've got Net::DNS installed. The SA default ruleset has a LOT of very powerful rules that depend on DNS.

As for add-ons, I get good results from the following rulesets from SARE. After running a bit with the default set, these would be good add-ons to start with.

70_sare_adult.cf
70_sare_evilnum0.cf
70_sare_genlsubj0.cf
70_sare_html0.cf
70_sare_obfu0.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_stocks.cf
70_sare_uri0.cf
99_FVGT_Tripwire.cf
99_sare_fraud_post25x.cf

I strongly suggest not using sa-blacklist.cf or sa-blacklist-uri.cf unless you have a LOT (more than 4GB) of RAM. Both of these are SEVERE memory hogs.

I also make use of a modified version of the rules for uribl.com's add-on uribl:

urirhssub  URIBL_BLACK  multi.uribl.com.  A  2
body       URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK')
describe   URIBL_BLACK  Contains an URL listed in the URIBL blacklist
tflags     URIBL_BLACK  net
score      URIBL_BLACK  1.5

# note: grey is an informational rule. It OFTEN matches nonspam.
# in fact, it tends to match more nonspam than spam. (S/O's are
# in the 0.55-0.30 range)
urirhssub  URIBL_GREY  multi.uribl.com.  A  4
body       URIBL_GREY  eval:check_uridnsbl('URIBL_GREY')
describe   URIBL_GREY  Contains an URL listed in the URIBL greylist
tflags     URIBL_GREY  net
score      URIBL_GREY  0.001
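
An added example, not part of the original message: the two urirhssub rules above query the same zone, multi.uribl.com., and differ only in the numeric bitmask subtest (2 and 4), so one A-record answer decides both. The sketch below models that check on the last octet of constructed answers; it performs no DNS lookups, and the function names are hypothetical.

```python
import ipaddress

# urirhssub and score lines as posted in the message above.
RULES_CF = """\
urirhssub URIBL_BLACK multi.uribl.com. A 2
score URIBL_BLACK 1.5
urirhssub URIBL_GREY multi.uribl.com. A 4
score URIBL_GREY 0.001
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_rules(text):
    """Return {rule: {"zone", "mask", "score"}} from urirhssub/score lines."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 5 and fields[0] == "urirhssub":
            _, name, zone, _rrtype, subtest = fields
            rules.setdefault(name, {}).update(zone=zone, mask=int(subtest))
        elif len(fields) == 3 and fields[0] == "score":
            rules.setdefault(fields[1], {})["score"] = float(fields[2])
    return rules

def fired(rules, a_records):
    """Names of rules whose bitmask overlaps any returned A record."""
    hits = set()
    for addr in a_records:
        ip = ipaddress.IPv4Address(addr)
        # Blocklist answers are 127.0.0.x; an answer outside that range
        # (e.g. a resolver rewriting NXDOMAIN) must not be read as a listing.
        if ip not in LOOPBACK:
            continue
        low = int(ip) & 0xFF  # assumption: list bits are in the last octet
        hits.update(n for n, r in rules.items() if low & r.get("mask", 0))
    return sorted(hits)

def total_score(rules, a_records):
    """Sum of the scores of all rules that fire for this answer."""
    return round(sum(rules[n].get("score", 0.0) for n in fired(rules, a_records)), 3)

RULES = parse_rules(RULES_CF)

if __name__ == "__main__":
    # Constructed answers: black only, grey only, both, none, non-blocklist.
    for answer in (["127.0.0.2"], ["127.0.0.4"], ["127.0.0.6"], [], ["192.0.2.6"]):
        print(answer, fired(RULES, answer), total_score(RULES, answer))
```
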