RulesDuJour: Automatic Update of SpamAssassin Rulesets

(version 2.4.3 and up)


Related Docs:   Qmail Configuration SPF and SRS (Admin Guide)

Starting with H-Sphere 2.4.3, mail service packages come with RulesDuJour, a bash script aimed at automatical download of new versions of SpamAssassin rulesets as the authors release new versions. As FreeBSD does not include bash by default, H-Sphere mail service package containing RulesDuJour also includes the bash installation for FreeBSD. This script must run daily as a cron task to keep additional custom SpamAssassin rules up to date.

At the mail server level, RulesDuJour is implemented by the following scripts:

  • Initialization script: /hsphere/local/config/mail/spamassassin/scripts/init_rules_du_jour
  • Deletion script: /hsphere/local/config/mail/spamassassin/scripts/delete_rules_du_jour
  • RulesDuJour SA ruleset update script: /hsphere/local/config/mail/spamassassin/scripts/rules_du_jour


Initialization Script

Initialization script is launched upon enabling the Automatic Ruleset Update (RulesDuJour) option in SpamAssassin Manager:

  1. It creates the default RulesDuJour config file /hsphere/local/config/mail/spamassassin/rulesdujour. The init script syntax (run it with the -h option to get help):

    # /hsphere/local/config/mail/spamassassin/scripts/init_rules_du_jour -h
    Usage: init_rules_du_jour [ -r rulesets ] [ -e email ]

    rulesets: list of comma separated rule set; possible values: TRIPWIRE EVILNUMBERS SARE_RANDOM (default: all)
    email: address where e-mail notifications on SA rulesets update go (default: none)

  2. It adds the RulesDuJour SA ruleset update script /hsphere/local/config/mail/spamassassin/scripts/rules_du_jour to mail server cron jobs starting daily at 1:00 AM:

    0 1 * * * /hsphere/local/config/mail/spamassassin/scripts/rules_du_jour


Configuration File

Initialization forms the RulesDuJour config file /hsphere/local/config/mail/spamassassin/rulesdujour. It has the following format:

# cat rulesdujour.default
SA_LINT="/hsphere/shared/bin/spamassassin --lint"
SA_RESTART="/etc/rc.d/init.d/spamd restart"

This sample config file is for Linux servers. For FreeBSD, it has a different spamd restart format:

SA_RESTART="/usr/local/etc/rc.d/ restart"

  • TRUSTED_RULESETS - choose under what categories custom rulesets need to be included and updated:
    • ANTIDRUG - intended to detect common "pill spam". However, it is not appropriate for all environments. It may not be appropriate for a medical or pharmaceutical environment.
    • BIGEVIL - looks for known spammer URLs in the spam.
    • BLACKLIST - a blacklist of spammers.
    • BLACKLIST_URI - looks for these domains inside URL's in the message.
    • BOGUSVIRUS - lists bogus virus warnings and similar.
    • EVILNUMBERS - addresses and phone numbers harvested from spam.
    • EVILNUMBERS1 - addresses and phone numbers harvested from spam.
    • EVILNUMBERS2 - addresses and phone numbers harvested from spam.
    • RANDOMVAL - list of tags spammers sometimes forget to convert in spam.
    • SARE_ADULT - designed to catch spam with "Adult" material.
    • SARE_BAYES_POISON_NXM - using lists of words with equal length.
    • SARE_BML - designed to catch "business, marketing and educational" spam.
    • SARE_BML_PRE25X - designed to catch "business, marketing and educational" spam.
    • SARE_CODING - contain HTML coding rules that detect various spammer tricks applied through HTML coding within messages.
    • SARE_FRAUD - designed to catch "Nigerian 419", "International Lotto", etc. type scams.
    • SARE_FRAUD_PRE25X - designed to catch "Nigerian 419", "International Lotto", etc., type scams.
    • SARE_HEADER - contain Header rules that are not found in other SARE rule sets.
    • SARE_OEM - tries to detect people selling OEM software to consumers.
    • SARE_RANDOM - tries to detect common mis-fires on bulk mail software. Many signs are found like: %RND_NUMBER, etc.
    • SARE_SPECIFIC - rule set which flags specific spam and/or spam from specific spammers.
    • SARE_SPOOF - tries to detect common spoofing attempts by spammers. Many use a Message-ID of one provider but the message was never passed through the suggested system.
    • TRIPWIRE - searches for 3 characters that shouldn't be together. This is based on the English language.
  • MAIL_ADDRESS - the e-mail address where SA ruleset update notifications will be sent. If the field is empty, no notifications will be sent.

Related Docs:   Qmail Configuration SPF and SRS (Admin Guide)

Home   Products   Services   News
© Copyright. . PSOFT. All Rights Reserved. Terms | Site Map