Spamassassin Tweaks

SPAMASSASSIN TWEAKS

I am very satisfied with the integration of Spamassassin in Evolution, it does a really good job and detects 95 to 97 % of the 100+ spams idiots send to me.
But, there are some spammers that are getting clever, ( mainly they offer bogus Rolex watches and Cialis ) and they keep finding new ways to fool Spamassassin pretending they are regular text mails.
Sure you can train Spamassassin to recognize those too, but the spammers seem to know that and keep finding ways around.

With this little tweak below I managed to bring the effectiveness up to 99% and when a new product comes up I just update the file with a section of 3 lines and that brings back the smile to my face.

This is the file to add the sections:

/etc/mail/spamassassin/local.cf

And here is how I composed them, you will see that the actual word is there 4 times in 3 lines, 3 times in CAPITAL characters preceeded with MM and closed with 2. And one time between slashes and an i.
5.0 is the score that marks it as junk, I gave the last 2 a 3.5 because " pharmacy" and "medicines" are words that can be in regular mails too, only the chance of them being together is the biggest in spam.

CODE

# MM ADDED BY BRUNO NOV 2004

body MMVIAGRA2 /viagra/i
describe MMVIAGRA2 mmrule
score MMVIAGRA2 5.0

body MMVICODIN2 /vicodin/i
describe MMVICODIN2 mmrule
score MMVICODIN2 5.0

body MMPRESCRIPTION /prescription/i
describe MMPRESCRIPTION mmrule
score MMPRESCRIPTION 3.0

body MMCIALIS2 /cialis/i
describe MMCIALIS2 mmrule
score MMCIALIS2 5.0

body MMROLEX2 /rolex/i
describe MMROLEX2 mmrule
score MMROLEX2 5.0

body MMLEVITRA2 /levitra/i
describe MMLEVITRA2 mmrule
score MMLEVITRA2 5.0

body MMVIOXX2 /vioxx/i
describe MMVIOXX2 mmrule
score MMVIOXX2 5.0

body MMVALIUM2 /valium/i
describe MMVALIUM2 mmrule
score MMVALIUM2 5.0

body MMPHARMACY2 /pharmacy/i
describe MMPHARMACY2 mmrule
score MMPHARMACY2 3.5

body MMMEDICINES2 /medicines/i
describe MMMEDICINES2 mmrule
score MMMEDICINES2 3.5

body MMSOFTABS2 /softabs/i
describe MMSOFTABS2 mmrule
score MMSOFTABS2 5.0

body MMMICROCAP2 /microcap/i
describe MMMICROCAP2 mmrule
score MMMICROCAP2 5.0

body MMSMALL-CAP2 /small-cap/i
describe MMSMALL-CAP2 mmrule
score MMSMALL-CAP2 5.0

body MMSMALLCAP2 /smallcap/i
describe MMSMALLCAP2 mmrule
score MMSMALLCAP2 5.0

body MMTRADERS2 /traders/i
describe MMTRADERSS2 mmrule
score MMTRADERS2 3.5

body MMEJACULATION2 /ejaculation/i
describe MMEJACULATION2 mmrule
score MMEJACULATION2 5.0

Additionally I found another little tweak on the PCLos forum, posted by Yama Here

It seems that if you add:

CODE

score MICROSOFT_EXECUTABLE 5.0

Mails with an MS executable as attachment will be seen as spam too !
Somehow the virus writers seem to have me scratched from their mailing list because I have not received one in a long time . . . so I have not been able to verify this one.

Bruno

-- Jan 11 2005 ( Revised Dec 15 2005 ) --