On Thu, 2019-11-21 at 13:56 -0600, Jerry Malcolm wrote:
> I just want to know if everyone who installs SA is expected to go in
> and modify all of the rule scores in order to get more than 1-2%
> effectiveness of SA?  I can't believe that is the case.  Is there
> really not a single rule that comes with SA that detects "hard all
> night", "grow your member", and "I want your sex"?
> 
Some forms of spam, notably sex and sales spam as well as spam on some
specialist mailing lists, are difficult to write general rules for because
its distribution can be quite selective, i.e. is your address in the
list the spammer just bought?

For this reason it's worthwhile learning to write SA rules because it's
quite likely that you *will* get spam streams that very few, if any,
other SA users ever see.

I've had good results catching sales and sex spam with 'double
barrelled rules' that follow this pattern:

body SELLING_PHRASES /(a|list|of|selling|words|and phrases)/
score SELLING_PHRASES 0.001

body PRODUCT_NAMES /(a|list|of|products|pushed|by|spammers)/
score PRODUCT_NAMES 0.001

meta SALES_SPAM (SELLING_PHRASES && PRODUCT_NAMES)
score SALES_SPAM 5.0

The point being that emails that contain words and phrases from just one
of the rules are never treated as spam, and, indeed with well-chosen
lists will not be spam. However any email that contains a hit on both
lists will almost certainly be spam. To help this to work correctly, the
list contents are never "just made-up", but should ONLY contain words
and phrases used in the relevant type of spam and should retain any odd
spellings that were used in the spam.

You can have several of these rules, each built to snare a particular
type of spam. Typical ones would be for the types I listed above
together with others for the types of spam you see, such as gambling,
jobseekers, drugs, fake degrees, etc etc.

I also have a smaller rule that fires on all the ways that I've seen
spammers refer to money. This combines nicely with sales and other spam
types that ask for money. 

The one problem with these is that the lists can get quite long and
difficult to edit, so I wrote myself a simple tool that lets me define
rules of this type with each list item on a separate line. The tool,
when run, assembles a valid set of SA rules from the easily editable
rule definitions. The tool is a bash script using awk to convert a set
of definition files into a single file containing the set of SA rules.

If this sounds like something you can use, grab this archive, which
contains sources and documentation:

http://www.libelle-systems.c3487738.myzen.co.uk/free/portmanteau/portmanteau.tgz
 
It's a zipped TAR archive.

Martin
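
Added example (not part of the message above and not the portmanteau tool itself): a sketch of the approach it describes, with each list kept one phrase per line and a shell function using awk assembling the paired body rules and the meta rule. The definition-file format, the function names and the sample phrases are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the portmanteau tool from the post.
# Assumed definition format: one phrase per line; blank lines and
# lines starting with '#' are ignored.

# build_body_rule NAME FILE: print a body rule and its 0.001 score.
build_body_rule() {
    awk -v name="$1" '
        # Backslash-escape regex metacharacters, "/" and "#" so each
        # phrase is matched literally, odd spellings included.
        function esc(s,    i, c, out) {
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (index("\\/#.^$*+?()[]{}|", c)) out = out "\\"
                out = out c
            }
            return out
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blanks
        {
            gsub(/^[ \t]+|[ \t]+$/, "")       # trim the phrase
            alt = (alt == "" ? "" : alt "|") esc($0)
        }
        END {
            if (alt == "") exit 1             # an empty list would match every mail
            printf "body %s /(%s)/\nscore %s 0.001\n", name, alt, name
        }' "$2"
}

# build_meta_rule NAME SCORE SUB1 SUB2: meta rule that needs both lists to hit.
build_meta_rule() {
    printf 'meta %s (%s && %s)\nscore %s %s\n' "$1" "$3" "$4" "$1" "$2"
}

# Demo on constructed sample lists (not taken from real spam).
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed definition files, one phrase per line.
    printf '%s\n' '# selling phrases' 'buy now' '50% off!' 'lowest price$' > "$dir/selling.def"
    printf '%s\n' 'rep1ica watches' '' 'miracle pills' > "$dir/products.def"
    build_body_rule SELLING_PHRASES "$dir/selling.def"
    build_body_rule PRODUCT_NAMES "$dir/products.def"
    build_meta_rule SALES_SPAM 5.0 SELLING_PHRASES PRODUCT_NAMES
    rm -rf "$dir"
}
demo
```

Redirect the output into a .cf file and run spamassassin --lint before loading it.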

