Sharing custom SpamAssassin Rules
-
@humptydumpty So I asked my favorite tool for some help on your list of "bad Gmail actors" and here is a detailed analysis for your consideration: https://www.perplexity.ai/search/please-review-the-attached-gma-BjXGrt4qR_er6c45dse5Vw .
I found myself curious as to whether those email addresses even exist. Unfortunately Gmail does not have a "finger" API and there are limited options within Spam Assassin for handling this directly. There were some ideas on combining Spam Assassin's rule-based tagging with a Sieve filter. Here are the details for your consideration: https://www.perplexity.ai/search/does-gmail-have-the-ability-to-jePfq628TDeod5jDVoYU2Q
@crazybrad That was an interesting read! I'm going to test the gmail spam rules and see how it goes. I'll add my gmail based clients to the whitelist to be on the safe side though. TYVM!
-
7 days recap after applying your rules.
I believe not one spam mail has hit my spam folder or inbox so far.
normally I'd get ~20x+ spam mails a day since my Inbox also redirects my old legacy mailboxes from web.de which have been leaked and abused over and over again.I must say, this feels very good.
@BrutalBirdie still get them in my spam folder but at least not in my inbox
-
@murgero said in Sharing custom SpamAssassin Rules:
@d19dotca does this just go into email -> Spam Filter -> Custom Spam Assassin Settings?
Yes, it goes right there. Basically from the Mail page > Spam filtering > Custom Spamassassin Rules box.
You can copy & paste the entire thing, but do note a few items just in case:
- You will need to likely remove the
blocklist_fromorwelcomelist_fromlines unless you have emails to place in those two sections already, I left those there just for an example. - If you want to use the DNSBLs from Abusix then you'll need to use your own API key (it's free for under 5,000 queries per day averaged over 7 days, it seems to work great and I highly recommend it).
The rest though you can basically copy & paste directly. Of course YMMV as they say, but this list works pretty well for me, or at least is a noticeable improvement over the rule tweaks I was using last year.
- You will need to likely remove the
-
@d19dotca Heyo! Finally got around to applying this - do I need to add anything to Mail ACL or just to custom spamassassin rules?
-
I've been getting a LOT of spam lately.
@girish Any chances we can have this implemented but the core app? Save everyone having to discoverer this thread and do the same.
-
Alternatively: turn it into a community guide, link to the guide in the documentation
-
Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:
zen.spamhaus.org bl.mailspike.net noptr.spamrats.com dnsbl.sorbs.netOr is that empty on your side?
-
Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:
zen.spamhaus.org bl.mailspike.net noptr.spamrats.com dnsbl.sorbs.netOr is that empty on your side?
@msbt Great question! So for me personally I use the following one in there:
{APIKey}.exploit.mail.abusix.zone. The reason being is that seems to be 100% accurate in terms of 0 false positives. The goal is to get to 0 false positives and then tag the rest as either ham or spam so the users can decide from there if anything is incorrect. That way they don’t risk losing any mail that may be important.I have also been tinkering with the spam rules again the past month, testing some things out. I’ll go into more detail with that soon with updated scores that I’m using. I wanted to do a bit more analysis of it today actually to make sure it’s in the right direction before sharing it, but I’ll likely be in a position to share it pretty soon.
--
Dustin Dauncey
www.d19.ca -
@msbt Great question! So for me personally I use the following one in there:
{APIKey}.exploit.mail.abusix.zone. The reason being is that seems to be 100% accurate in terms of 0 false positives. The goal is to get to 0 false positives and then tag the rest as either ham or spam so the users can decide from there if anything is incorrect. That way they don’t risk losing any mail that may be important.I have also been tinkering with the spam rules again the past month, testing some things out. I’ll go into more detail with that soon with updated scores that I’m using. I wanted to do a bit more analysis of it today actually to make sure it’s in the right direction before sharing it, but I’ll likely be in a position to share it pretty soon.
@d19dotca said in Sharing custom SpamAssassin Rules:
I have also been tinkering with the spam rules again the past month, testing some things out. I’ll go into more detail with that soon with updated scores that I’m using. I wanted to do a bit more analysis of it today actually to make sure it’s in the right direction before sharing it, but I’ll likely be in a position to share it pretty soon.
-
@msbt Great question! So for me personally I use the following one in there:
{APIKey}.exploit.mail.abusix.zone. The reason being is that seems to be 100% accurate in terms of 0 false positives. The goal is to get to 0 false positives and then tag the rest as either ham or spam so the users can decide from there if anything is incorrect. That way they don’t risk losing any mail that may be important.I have also been tinkering with the spam rules again the past month, testing some things out. I’ll go into more detail with that soon with updated scores that I’m using. I wanted to do a bit more analysis of it today actually to make sure it’s in the right direction before sharing it, but I’ll likely be in a position to share it pretty soon.
@d19dotca The last rules you provided are working great for me. I still get spam sent via the major mail providers like Gmail and Outlook though. They seem to target my info@ mailboxes. I wonder if there is anything we can do in that regards other than using keyword filtering?
