How to report a spammer so SpamAssassin can filter it out

Bret Busby bret at busby.net
Mon Dec 8 09:09:26 UTC 2014 

On Mon, 8 Dec 2014, Ernie Luzar wrote:

> Date: Mon, 8 Dec 2014 15:22:49
> From: Ernie Luzar <luzar722 at gmail.com>
> To: Daniel Staal <DStaal at usa.net>
> Cc: FreeBSD Questions <freebsd-questions at freebsd.org>
> Subject: Re: How to report a spammer so SpamAssassin can filter it out
> 
> Daniel Staal wrote:
>> --As of December 7, 2014 9:06:14 PM +0800, Ernie Luzar is alleged to have 
>> said:
>> 
>>> Hello list
>>> 
>>> Keep getting spam email from some guy selling bulk solar panels.
>>> I know SpamAssassin has built in check of different places that provide
>>> list of known spam email addresses.
>>> Where can I find a list of places to notify them of this spam email
>>> address?   list at beawindhog.com
>> 
>> --As for the rest, it is mine.
>> 
>> There's several good ways to report this to Spamassassin - write a rule 
>> that catches it, or contribute to their spam corpus so that they can test 
>> rules against it, or use spamassassin's reporting features.
>> 
>> For the first, the best place to start is the Spamassassin mailing list:
>>> list-help: <mailto:users-help at spamassassin.apache.org>
>>> list-unsubscribe: <mailto:users-unsubscribe at spamassassin.apache.org>
>>> list-subscribe: <mailto:users-subscribe at spamassassin.apache.org>
>>> List-Post: <mailto:users at spamassassin.apache.org>
>> (See also: <https://wiki.apache.org/spamassassin/FrequentlyAskedQuestions>, 
>> as you're asking one of them.)
>> 
>> For the second, I'd still start with the mailing list, but instructions on 
>> setup are here:
>> <https://wiki.apache.org/spamassassin/NightlyMassCheck>
>> (Note they will want you to analyze all your mail - spam and ham - not just 
>> a few messages.  Actual emails are not uploaded - just the record of what 
>> rules your messages hit.)
>> 
>> The most direct answer for your question - in the FAQ above - is to use 
>> Spamassassin's reporting features - `man spamassassin-run` lists them, or 
>> as I said the FAQ above.  Short version: `spamassassin -r < 
>> fullemailmessage.txt`  (Fuller details in the FAQ and man page.)
>> 
>> Daniel T. Staal
>> 
>> ---------------------------------------------------------------
>
> My domain name, website and email is all hosted by namecheap.com. Their email 
> is run on apache storing email in sqlite database and running spamassassin 
> under apache. They provide a cpanel menu system for me to customize my hosted 
> world. I do not have direct access to their servers /root. This means I have 
> no way to perform the tasks talked about by  above posts.  The basic default 
> spamassassin rules have cut the spam by 80%. But was still getting spam from 
> china and Korea and spam in languages other then English. I had namecheap 
> tech support enable the following options for my hosted email system.
> Changed* required_score* from 5 to 3.  This stopped 15% of the spam that was 
> still getting through. Then enabled the following tests,
> *ok_languages  en
> **blacklist_from   *.cn   *to kill all email from China*
> **blacklist_from   *.ke  *to kill all email from Korea*
> **blacklist_from    *@beawindhog.com   *to kill all email from that domain 
> name that I posted about
> *score CHARSET_FARAWAY_HEADER    3.1*
> *score UNWANTED_LANGUAGE_BODY   5.1    *both of these options kill email not 
> in English language.*
> *
> Since this was enabled I have not had any spam get through.
>
> My thanks goes out to all who replied.
>
>

Hello.

I would be wary of using the filtering that you have detailed.

The two blacklist lines are, I believe, too non-specific.

I use alpine as my email application for this list, and, multiple other 
lists and people, and all of my spam handling is done (quite 
laboriously) by the use of the powerful filtering in alpine, which 
filtering, I have built up, over many years.

The problems that I see with those two blacklist lines, include, as 
examples, for the first line; "*.cn", all *.cnet.com<|.*> email 
addreses; that is, extrapolating that possibility, all *.cne*.*.* 
addresses, being excluded, and, thence, for the second line, all *.ke*.* 
addresses, being excluded, so, including all *.kent.*.*, all 
*.kerry.*.*, et al, addresses.

The thing is that filters, from my understanding, apart from the gmail 
filters, generally search for matches of substrings, so, and email 
addresses with the substrings that your blacklits rules entail, will be 
excluded, not just email addresses from the two countries involved.

I do not know for what, you use your email, but, if you do any kind of 
research, or, your communications are not exclusive (limites to a small 
set of known people), then you could be inadvertently, accidentally, 
excluding people whose communications you may want to receive, and who 
may give up trying to contact you.

I may be completely wrong, about how the particular rules are applied, 
in your case, but, from my exsperience, as I said, apart from 
gmail filters, filters use matches of substrings, and so, you could lose 
alot more than you intend, through the processs aplied in your case.

Spo, you may want to review that method of email filtering, as 
specified.

-- 
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
  you'll know what the answer means."
- Deep Thought,
   Chapter 28 of Book 1 of
   "The Hitchhiker's Guide to the Galaxy:
   A Trilogy In Four Parts",
   written by Douglas Adams,
   published by Pan Books, 1992
....................................................

More information about the freebsd-questions mailing list