Spamassassin Custom Rulesets

I’m starting this post in part as a placeholder for some information I’ve come across. I’ve been tinkering with my first custom spamassassin rule. I’ve tried the SARE rulesets and they seem to be missing one specific class of junk mail in my setup. (After verifying that the rulesets were actually being used), I set about trying to create my own rule to deal with the offending messages.

I found that it is amazingly simple at first blush to get a new rule going.

header MY_LOCAL_SUBJECT_TEST Subject =~ /obviousspamword/i

The above basically looks in the header of the message and if subject contains obviousspamword (i makes it case insensitive) then it adds 5 to the score. Among the warnings here…. the way I’ve set this up, if “obviousspamword” is part of a “good” email word, then I’m in trouble… If I want to make sure that word breaks are observed and I only match obviousspamword and not obviousspamwordoftheday, then I need to have Subject =~/bobviousspamwordb/i

It’s possible to do a body search the same way

body MY_LOCAL_BODY_TEST /obviousspamword/i

or to draw from the sa rules howto

n regular expressions a b can be used to indicate where a word-break (anything that isn’t
an alphanumeric character or underscore) must exist for a match. Our rule above can be
made to not match “testing” or “attest” like so:


The rule can also be made case-insensitive by adding an i to the end, like this:


Now the rule will match any combination of upper or lower case that spells “test” surrounded
by word breaks of some form.

That’s all well and good but what if we need to do a fancier matching of terms. Usually just one word isn’t enough. The matches used above use perl regex syntax and more detailed examples of regexs can be found at the perldoc site.

Other examples can be found at custom body tests and Rules basics at the wiki

The first site you should look at IF you want to tweak spamassassin with new rulesets is There are many good and useful sets there.

Here are a few other suggestions that I’ve come across for building a custom ruleset. Use lots of little rules to add small numbers of points instead of one big rule. Think of ALL the possible ways something MIGHT match (am I killing good mail with the bad.) Make some rules that give a negative value to the spam score. (If you’re a furniture shop then messages with bed, couch, wood, etc. would lower the spam score.) Use an online corpus of known spam to test against. (Don’t try to feed the messages as new through a live mail system. There are other tools to test with…)

When you’ve made your rule, type spamassassin –lint -D to check that the rule is correctly designed (syntax).

Finally, be conservative in your testing of custom rules, don’t be too ambitious. If you can get rid (or even increase the score) of one class of junkmail at a time that should make for an improvement.

Related Posts

Blog Traffic Exchange Related Posts
  • Spyware is bad.... Surprise... what is surprising is how high it's infiltration is reported to be. Spyware confidential is reporting on a Webroot survey claiming that spyware in the enterprise is at 80% (does this mean 80% of businesses have spyware, or 80% of business machines have spyware?) According to this about 80%......
  • Ways to deal with Junk Mail (1 of 2) Who hasn't ever seen junk mail? From the offers for prescription drugs to offers for who knows what. Some mail programs give you a way to filter out different senders, but the senders of junk mail are always changing (like viruses.) So what other tools are there? The reason there......
  • How Microsoft could patch VML vulnerability before October's patch day SO, there's the second big vulnerability exploit for Internet Explorer making the rounds in about a week and Microsoft's advisory says that the most recent flaw will likely be patched on October's patch day ("unless the need arises...") So, what would trigger that need? Lot's of browsers being subjected to......
Blog Traffic Exchange Related Websites
  • Golf Glossary pt 3 Bold - This usually describes a putt that has been hit too hard, and therefore goes well beyond the intended target. It may also be applied to a shot that carries away too far. Borrow - What this means is to play a put just to the side of the......
  • Biotin can Prevent Women's Loss of Hair Whether you are suffering from hair loss or you want to prevent it, you can do something to maintain your beautiful hair. You can try using Biotin, a product that is known effective for hair loss. It is actually a kind of vitamin supplement specifically applied for hair growth that......
  • Microsoft Security Bulletin Summary for September 2010 - Issued: September 14, 2010 ******************************************************************** Microsoft Security Bulletin Summary for September 2010 Issued: September 14, 2010 ******************************************************************** This bulletin summary lists security bulletins released for September 2010. The full version of the Microsoft Security Bulletin Summary for September 2010 can be found at With the release of the bulletins for September 2010, this......
PDF24    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site