How to add rules to SpamAssassin

These are additional rulesets you can add to SpamAssassin to help improve spam detection. Please review each rule before you implement this.
Please note: I have removed the sa-blacklist rules as they can cause memory issues. Please see http://wiki.apache.org/spamassassin/OutOfMemoryProblems

First we need to choose a backup path. This path should reside outside the standard spamassasssin directory. Lets use /usr/local/etc/mail/spambackup


# mkdir /usr/local/etc/mail/spambackup

Now lets copy all the files that are in the /usr/local/etc/mail/spamassassin folder. We want to preserve the file history in this case.


# cd /usr/local/etc/mail/spambackup
# cp -Rp /usr/local/etc/mail/spamassassin/ /usr/local/etc/mail/spambackup

We will add rules that are no longer updated and then we will add a script to update additional rules. First we need to fetch the rules along with the cfupdates script:


# mkdir ~root/rules
# cd ~root/rules
# fetch http://freebsdrocks.net/qmail2/cfupdates2.tgz
# tar zxvf cfupdates2.tgz
# rm cfupdates2.tgz

Now lets copy over the non-updated rules to the spamassassin folder first:


# cp -Rp ~root/rules/*.cf /usr/local/etc/mail/spamassassin
# rm *.cf

Now you will want to copy the cfupdates to a bin folder. I keep mine in ~root/bin so lets use that. Feel free to use any path you choose.


# mkdir ~root/bin
# cp ~root/rules/cfupdates.sh ~root/bin
# cd ~root/bin
# chmod 755 cfupdates.sh

Here is my crontab entry to run at 3AM every day. It is not advised to run this script than any more than once in a 24 hour period.


0 3,15 * * * ~root/bin/cfupdates.sh > /dev/null 2>&1

Additional notes:

If you are using bayes this script will also backup your bayes folder. Run the following first


# mkdir /usr/local/etc/mail/spambackup/.spamassassin

Uncomment the two bayes sections in cfupdates.sh

You can also add your own rules. I provided stock.cf as an example. Take a look at the following:

body WEEKLY_STOCK_SPAMS /\bWeekly Stock Report\b/i
score WEEKLY_STOCK_SPAMS 10.0
describe WEEKLY_STOCK_SPAMS This is a Stock Spam

The first section you need to give a description which is part of the score and describe. This needs to be the same in all 3 sections. The next part in the body /\bWeekly Stock Report\b/i
is what you want to "tag" for spamassassin to see.
The score is what you need to determine. If you're using sa-delete please take this into account.
The last section is just the description of the rule. That's all there is to scoring a message.

You can also additional rules from the /usr/ports/mail/spamass-rules port. Just run make installl clean.

More rules are located here: http://spameatingmonkey.com/usage.html

Special thanks to Steve Donohue