I run sa-update from the crontab daily which I believe should update the
rules. (I'm relatively new to this so could have it completely wrong)
The command I use in crontab is
00 01 * * * sa-update --allowplugins --channelfile /etc/mail/spamassassin/update-channels.txt --gpgkeyfile /etc/mail/spamassassin/gpgkeys.txt
and in the update-channels.txt I have
sought.rules.yerp.org
saupdates.openprotect.com
updates.spamassassin.org
We were getting this same spam a month or so ago and it was all getting
stopped, but now it's not; that's why I'm very worried I have broken my
spamassassin.
Does URIBL_BLACK come default with spamassassin?
Karsten Bräckelmann wrote:
On Thu, 2008-05-15 at 09:09 +1200, Kathryn Kleinschafer wrote:
Pastebin for email: http://pastebin.ca/1018368
Pastebin for spam check results: http://pastebin.ca/1018373
OK. And what about my questions above? Err, wait, they are actually
below your reply. ;)
Karsten Bräckelmann wrote:
On Wed, 2008-05-14 at 16:25 +1200, Kathryn Kleinschafer wrote:
which seems to me that it is actually loading up the correct files - yet
when I do a test on a piece of mail which should hit heaps of rules
especially the sought_rules it is not hitting at all.
Are there any other tests I can do?
How do you tell the Sought rules should hit? If used correctly, they are
a moving target. [1]
Why do you believe it should hit the Sought rules?
Also, can you elaborate on "not hitting at all"? Including the actual
results, the SA headers, would be a good start. And maybe put a sample
up a pastebin.
Oh, yeah, definitely. Please do elaborate on your definition of "not
hitting at all". Usually implies no rules hit, and often that SA didn't
even process the message. Which it did in this case.
OK, just checked locally. Scores 8.6 (that's without the munged To) for
me. Granted, it hits a couple custom rules. :)
However, it *indeed* hits Sought (as of 3 hours ago!), plus URIBL_BLACK.
* 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: lm6xv9muv93y98.blogspot.com]
* 2.0 JM_SOUGHT_3 JM_SOUGHT_3
Please do note again, that you need to keep the Sought rules updated.
See the docs. [1] If you don't, I'm not impressed by them not hitting.
The entire purpose of Sought is, to catch recent, changing phrases in
low scoring spam.
FWIW, the default JM_SOUGHT_* score is a whopping 4.0.
For URIBL_BLACK to hit on this kind of throw-away addresses, you need to
tweak your conf:
util_rb_2tld blogspot.com
Other than that, it hits better on Bayes for me. Plus custom rules
involving blogspot.com addresses in general, and such addresses in mail
directly delivered by the MUA to MX.
HTH
guenther
[1] http://wiki.apache.org/spamassassin/SoughtRules
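
The effect of the util_rb_2tld tweak discussed above, as an added example that is not part of the original thread and is not SpamAssassin code. It is a simplified model of how the domain used for a URI blocklist lookup is picked; the function names, DEFAULT_2TLDS and the sample config text are constructed for illustration.

```python
# Simplified model (an assumption, not SpamAssassin's implementation) of how
# a two-level-TLD list decides which domain a URI blocklist is queried for.

DEFAULT_2TLDS = {"co.nz", "co.uk"}  # constructed stand-in for the built-in list


def parse_util_rb_2tld(conf_text):
    """Collect every domain named on util_rb_2tld lines of a config text."""
    found = set()
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()  # drop trailing comments
        if words and words[0] == "util_rb_2tld":
            found.update(w.lower().strip(".") for w in words[1:])
    return found


def lookup_domain(host, extra_2tlds=frozenset()):
    """Return the domain a blocklist query would be made for in this model."""
    labels = host.lower().strip(".").split(".")
    two_tlds = DEFAULT_2TLDS | set(extra_2tlds)
    if len(labels) >= 3 and ".".join(labels[-2:]) in two_tlds:
        return ".".join(labels[-3:])  # keep one label below the 2TLD
    if len(labels) >= 2:
        return ".".join(labels[-2:])  # ordinary case: domain.tld
    return labels[0]


SPAM_HOST = "lm6xv9muv93y98.blogspot.com"  # host from the report in the thread
STOCK_CONF = "# constructed local.cf without the tweak\nrequired_score 5.0\n"
TWEAKED_CONF = STOCK_CONF + "util_rb_2tld blogspot.com\n"

if __name__ == "__main__":
    for name, conf in (("stock", STOCK_CONF), ("tweaked", TWEAKED_CONF)):
        print(name, "->", lookup_domain(SPAM_HOST, parse_util_rb_2tld(conf)))
```

Without the directive the model reduces the spam URL to blogspot.com, which is shared by every blog on the service; with it, the per-blog hostname is what gets looked up, matching the [URIs: ...] line in the report.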