Starting with H-Sphere 2.4.3, mail service packages come with
RulesDuJour, a bash script
aimed at automatical download of new versions of SpamAssassin rulesets as the authors release new versions.
As FreeBSD does not include bash by default,
H-Sphere mail service package containing RulesDuJour also includes the bash installation
for FreeBSD. This script must run daily as a cron task to keep additional custom SpamAssassin
rules up to date.
At the mail server level, RulesDuJour is implemented by the following scripts:
- Initialization script: /hsphere/local/config/mail/spamassassin/scripts/init_rules_du_jour
- Deletion script: /hsphere/local/config/mail/spamassassin/scripts/delete_rules_du_jour
- RulesDuJour SA ruleset update script: /hsphere/local/config/mail/spamassassin/scripts/rules_du_jour
Initialization script is launched upon enabling the Automatic Ruleset Update (RulesDuJour)
option in SpamAssassin Manager:
- It creates the default RulesDuJour config file
/hsphere/local/config/mail/spamassassin/rulesdujour. The init script syntax
(run it with the -h option to get help):
# /hsphere/local/config/mail/spamassassin/scripts/init_rules_du_jour -h
Usage: init_rules_du_jour [ -r rulesets ] [ -e email ]
rulesets: list of comma separated rule set;
possible values: TRIPWIRE EVILNUMBERS SARE_RANDOM (default: all)
email: address where e-mail notifications on SA rulesets update go (default: none)
- It adds the RulesDuJour SA ruleset update script
mail server cron jobs starting daily at 1:00 AM:
0 1 * * * /hsphere/local/config/mail/spamassassin/scripts/rules_du_jour
Initialization forms the RulesDuJour config file /hsphere/local/config/mail/spamassassin/rulesdujour.
It has the following format:
# cat rulesdujour.default
TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM"
This sample config file is for Linux servers. For FreeBSD, it has a different spamd restart format:
- TRUSTED_RULESETS - choose under what categories custom rulesets need to be included and updated:
- ANTIDRUG - intended to detect common "pill spam".
However, it is not appropriate for all environments.
It may not be appropriate for a medical or pharmaceutical environment.
- BIGEVIL - looks for known spammer URLs in the spam.
- BLACKLIST - a blacklist of spammers.
- BLACKLIST_URI - looks for these domains inside URL's in the message.
- BOGUSVIRUS - lists bogus virus warnings and similar.
- EVILNUMBERS - addresses and phone numbers harvested from spam.
- EVILNUMBERS1 - addresses and phone numbers harvested from spam.
- EVILNUMBERS2 - addresses and phone numbers harvested from spam.
- RANDOMVAL - list of tags spammers sometimes forget to convert in spam.
- SARE_ADULT - designed to catch spam with "Adult" material.
- SARE_BAYES_POISON_NXM - using lists of words with equal length.
- SARE_BML - designed to catch "business, marketing and educational" spam.
- SARE_BML_PRE25X - designed to catch "business, marketing and educational" spam.
- SARE_CODING - contain HTML coding rules that detect various spammer tricks applied
through HTML coding within messages.
- SARE_FRAUD - designed to catch "Nigerian 419", "International Lotto", etc. type scams.
- SARE_FRAUD_PRE25X - designed to catch "Nigerian 419", "International Lotto", etc.,
- SARE_HEADER - contain Header rules that are not found in other SARE rule sets.
- SARE_OEM - tries to detect people selling OEM software to consumers.
- SARE_RANDOM - tries to detect common mis-fires on bulk mail software.
Many signs are found like: %RND_NUMBER, etc.
- SARE_SPECIFIC - rule set which flags specific spam and/or spam from specific spammers.
- SARE_SPOOF - tries to detect common spoofing attempts by spammers.
Many use a Message-ID of one provider but the message was never passed through the suggested system.
- TRIPWIRE - searches for 3 characters that shouldn't be together.
This is based on the English language.
- MAIL_ADDRESS - the e-mail address where SA ruleset update notifications will be sent.
If the field is empty, no notifications will be sent.