Sharing custom SpamAssassin Rules

crazybrad

@humptydumpty Happy to try to find a possible pattern and rule using AI. Post the gmail addresses if you want me to try.

humptydumpty

@crazybrad Here are some that showed up in the recent logs.

enchantedjewelsjpr@gmail.com
dzamoludinh@gmail.com
chcbpcgi@gmail.com
nellefredrickson@gmail.com
generalcontact555@gmail.com
somnathmaity9292@gmail.com
khadijaaa242@gmail.com
alisa17217@gmail.com
dayalray11199@gmail.com
sanjocaleb259@gmail.com
sajidsad044@gmail.com
orcfgoyorlr@gmail.com
liis1757@gmail.com
conslt.khange@gmail.com
obonsidibe2022@gmail.com
ashuuindarkar2001@gmail.com
finn.baseestimation1@gmail.com
pankaj7323946133@gmail.com
susan83imbing@gmail.com
nqewirghmna@gmail.com

sponch

@d19dotca great and thanks! for abusix I just have to put in the api key without <>, right?
Done but don't get queries shown in the dashboard (though I sent some mails).
Using zen.spamhaus.org as DNSBL

d19dotca

@sponch said in Sharing custom SpamAssassin Rules:

@d19dotca great and thanks! for abusix I just have to put in the api key without <>, right?
Done but don't get queries shown in the dashboard (though I sent some mails).
Using zen.spamhaus.org as DNSBL

That’s correct, no angle brackets. The full URL to use is shown in the Abusix dashboard but it’s really just the API key plus the subdomain parts.

I didn’t see queries until the following day I think, if I’m remembering correctly. So maybe give it another day or two? Also maybe make sure you don’t have any spaces or blank characters in the DNSBL just in case that’s throwing off the DNS queries to it.

Also I saw you mentioned that you didn’t see on the dashboard “though [you] sent some mails”… just to clarify, the queries will be done when you receive mail rather than send mail. I’m sure you knew that, but just in case, I thought I should clarify that part.

If you don’t see anything in a couple of days on the dashboard then let me know, and I can try to help. If it’s set correctly in Cloudron though then it could be something more on the Abusix side, maybe something needs to get confirmed or activated first (I don’t remember having to do that though but I’ve been using it for a while so I can’t remember the full on-boarding workflow).

sponch

hey @d19dotca thanks again. Working now- I can see the first queries in abusix.
With "sent" I meant sent to the specific mailbox looking forward to the next days filtering result :_)

BrutalBirdie

7 days recap after applying your rules.
I believe not one spam mail has hit my spam folder or inbox so far.
normally I'd get ~20x+ spam mails a day since my Inbox also redirects my old legacy mailboxes from web.de which have been leaked and abused over and over again.

I must say, this feels very good.

crazybrad

@humptydumpty So I asked my favorite tool for some help on your list of "bad Gmail actors" and here is a detailed analysis for your consideration: https://www.perplexity.ai/search/please-review-the-attached-gma-BjXGrt4qR_er6c45dse5Vw .

I found myself curious as to whether those email addresses even exist. Unfortunately Gmail does not have a "finger" API and there are limited options within Spam Assassin for handling this directly. There were some ideas on combining Spam Assassin's rule-based tagging with a Sieve filter. Here are the details for your consideration: https://www.perplexity.ai/search/does-gmail-have-the-ability-to-jePfq628TDeod5jDVoYU2Q

humptydumpty

@crazybrad That was an interesting read! I'm going to test the gmail spam rules and see how it goes. I'll add my gmail based clients to the whitelist to be on the safe side though. TYVM!

sponch

@BrutalBirdie still get them in my spam folder but at least not in my inbox

murgero

@d19dotca Heyo! Finally got around to applying this - do I need to add anything to Mail ACL or just to custom spamassassin rules?