Here is a set of rules that I added (mostly whitelist rules with negative
score) which are very specific to me but could be applied generally to
anyone's user_prefs.
(btw anything that's personal in here is readily available through other
channels so I'm not worried about it)
# This rule is to offset the many points that most online order receipt
# email pick up from other rules. If they mention my address, it's
# probably legit.
body MY_ADDRESS /17380 nw bernard/i
describe MY_ADDRESS Has my street address (bjj)
score MY_ADDRESS -10
# My real/full name is rather uncommon, and does not often appear in
# unsolicited mail.
body MY_NAME /benedict/i
describe MY_NAME Contains Benedict (bjj)
score MY_NAME -2
# Again, my real name on the To line, very rare in spam
header TO_MY_NAME To =~ /Ben Jackson/
describe TO_MY_NAME To knows my full name (bjj)
score TO_MY_NAME -2
# Variations of my name which other people have used when entering
# my address as a fake address.
body NOT_MY_NAME /\b(?:benjamin|benn?y|ben\bben)\b/i
describe NOT_MY_NAME Contains a variant of Ben that's not my name (bjj)
score NOT_MY_NAME 2
# They entered first name: ben, last name: ben, so it's `ben ben'
header TO_BEN_BEN To =~ /\bben ben\b/i
score TO_BEN_BEN 1.5
# The next two rules match mail originating on my internal network.
# This avoids problems with things like cronjobs being marked as spam.
# Also, the MALFORMED_TO/FROM rules don't like missing domains, which
# happens on internal mail, so this rule allows me to set the scores for
# those to higher values and catch spam.
header RECV_INTERNAL Received =~ /\(([a-z]{0,20}\.)home\.ben\.com \[172\.17\.42/
describe RECV_INTERNAL Originated on my network (bjj)
score RECV_INTERNAL -50
header RECV_INTERNAL2 Received =~ /localhost\).*by saturn\.home\.ben\.com /s
describe RECV_INTERNAL2 Originated on saturn (bjj)
score RECV_INTERNAL2 -50
# Some web-generated email includes the source IP. If it's mine, then
# I probably asked for it.
body IDENT_MY_IP /12[.-]224[.-]233[.-].146/
describe IDENT_MY_IP Mentions my IP address (bjj)
score IDENT_MY_IP -5
# My secondary MX does not do the same IP filtering I do. Although I
# don't *block* any IPs (merely refuse to relay) some spammers deliver
# directly to my secondary MX.
header SNEAKY_MX Received =~ /from neko\.tcp\.com /
describe SNEAKY_MX Sent to my backup MX to avoid IP filters (bjj)
score SNEAKY_MX 1
--
Ben Jackson
<[EMAIL PROTECTED]>
http://www.ben.com/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
