1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam assassin rules not working

Discussion in 'Linux / Unix Discussion' started by Danmurph, Jul 13, 2010.

  1. Danmurph

    Danmurph Byte Poster

    127
    1
    27
    Hi Guys,

    I'm having a problem at work and was wondering if someone could help me. My boss is getting a lot of spam and i'm trying to add a rule to the local.cf file in /etc/mail/spamassassin directory but it is just not working. I'v tested my regular expression and it is finding the phrase in the body but when i put the rule in restart spamaassassin and send a test email from another account it still lets the email through, if I paste the rule down here could someone advise me if I'm doing something wrong:


    body DAVE_SPAM_RULE /467411.htm/
    score DAVE_SPAM_RULE 100 100 100 100
    describe DAVE_SPAM_RULE Detected the link 467411.htm in the email

    Spam assassin is used with amavisd as the daemon and postfix and the MTA

    Thanks in advance
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  2. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Can't really help you with spamassassin as I've not used it in ages(well apart from switching it off when its replaced :)) but I would recommend that you look into something called ASSP :)
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  3. Josiahb

    Josiahb Gigabyte Poster

    1,336
    39
    97
    have you tried using lint on your rules to make sure its not throwing any errors?

    Try ditching the 4 parameters for your scoring:

    Other than that I'm not sure I'm afraid.

    Edit: Just had another thought, as your looking for a web address why not use a URI rule?

     
    Last edited: Jul 13, 2010
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  4. Danmurph

    Danmurph Byte Poster

    127
    1
    27
    Tried both of these and although it seemed like it was going to work...it still got through :x

    I'm writing the rule as it says on the spamassassin website and it just doesn't work!! This is so frustrating, I hate this peice of software!
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  5. Danmurph

    Danmurph Byte Poster

    127
    1
    27
    Anyone got any ideas about this, I tried with a different rule for a similar problem and even thought the regex is telling me it is catching the phrases, the spam mail is still being delivered?
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  6. Josiahb

    Josiahb Gigabyte Poster

    1,336
    39
    97
    one other idea to try, apart from ripping the damn thing out and replacing it..... (oh for the day I get to do that here)

    small change but might do it, perl regex reads . as a wildcard so it might be spazzing out on that (despite the regex apparently working fine).
     
    Last edited: Jul 14, 2010
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  7. Danmurph

    Danmurph Byte Poster

    127
    1
    27
    Thanks Josiah, I entered this into a regex tester and it threw an error in one but worked in another.
    Anyway tried sending mail with bad content in the body again and...suprise suprise it bloody got through!! :x
    I will not be defeated!
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  8. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Seems to work fine over here

    --lint -D deffo not showing anything?
     
    Last edited: Jul 14, 2010
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  9. Josiahb

    Josiahb Gigabyte Poster

    1,336
    39
    97
    maybe?

    configuring custom rules is a complete pain in the arse, we had to make an adjustment to the banned words list we stuck into ours soon after it went live (because we didn't test it properly) it blocked any email containing the word specialislist.
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  10. Josiahb

    Josiahb Gigabyte Poster

    1,336
    39
    97
    Did just think, is your test email triggering any other rules on its way through?
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  11. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Another reason why you should be using ASSP already Josiahb :D


    Also just to add, your using another external email to test? and not someone@abc.com -> someoneelse@abc.com.
    I'm using gmail to fire in the test emails and its hitting everytime
     
    Last edited: Jul 14, 2010
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  12. Danmurph

    Danmurph Byte Poster

    127
    1
    27
    Maybe I should go and do some more homework on Spamassassin, I don't even know what these are, how was that log file created Thomas?
     
    Certifications: MCDST, MCP, A+
    WIP: Everything!!
  13. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Its an email header buddy, outlook will hide it from you so look at the emails properties


     
    Last edited: Jul 14, 2010
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  14. Josiahb

    Josiahb Gigabyte Poster

    1,336
    39
    97
    I wish, I'd love to be running anything except spamassassin but our outsourcing company are absolutely convinced its the best you can get and they'll be here longer than I will! :p
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  15. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111

    If thats is the case then its time to kill the contract, SA is a POS, also you could just plop it in the middle and set SA to allow everything, they wouldn't even notice it :D
     
    Last edited: Jul 14, 2010
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)

Share This Page

Loading...