Tips for Customizing Rules in SpamAssassin

Hello everyone, good morning! I’m sharing here some very useful code for customizing SpamAssassin rules.

With this code, you’ll be able to add new words to be promptly identified as spam, set scores for specific words, and configure domains to avoid being mistakenly flagged by SpamAssassin rules.

Edit

vim /etc/mail/spamassassin/local.cf

Just include these rules at the beginning of your file; then you can customize them however you like.

required_hits 7.0
report_safe 0
required_score 7

whitelist_from *@grifon.com.br
whitelist_from *@zapsign.com.br
whitelist_from *@app.dponet.com.br
whitelist_from *@1doc.com.br
whitelist_from *@1doc.net.br
whitelist_from *@1docmail.com.br
whitelist_from *@em.1docmail.com.br
#blacklist_from

body LOCAL_RULE1 /quota limit/i
body LOCAL_RULE2 /exceeded the limit/i
body LOCAL_RULE3 /webmail expires/i
body LOCAL_RULE4 /storage limit/i
body LOCAL_RULE5 /email will be deactivated/i
body LOCAL_RULE6 /urgent alert/i
body LOCAL_RULE7 /last warning/i
body LOCAL_RULE8 /update your registration/i
body LOCAL_RULE9 /free access/i
body LOCAL_RULE10 /free membership/i
body LOCAL_RULE11 /only new customers/i
body LOCAL_RULE12 /increase sales/i
body LOCAL_RULE13 /increase traffic/i
body LOCAL_RULE14 /low rates/i
body LOCAL_RULE15 /cash bonus/i
body LOCAL_RULE16 /cents per dollar/i
body LOCAL_RULE17 /buy now/i
body LOCAL_RULE18 /buy directly/i
body LOCAL_RULE19 /consolidate debt/i
body LOCAL_RULE20 /free consultation/i
body LOCAL_RULE21 /confidentiality/i
body LOCAL_RULE22 /meet singles/i
body LOCAL_RULE23 /online course/i
body LOCAL_RULE24 /extra money/i
body LOCAL_RULE25 /quick cash/i
body LOCAL_RULE26 /free money/i
body LOCAL_RULE27 /double your income/i
body LOCAL_RULE28 /double your money/i
body LOCAL_RULE29 /save up to/i
body LOCAL_RULE30 /eliminate bad credit/i
body LOCAL_RULE31 /eliminate debts/i
body LOCAL_RULE32 /lose weight/i
body LOCAL_RULE33 /expect to earn/i
body LOCAL_RULE34 /earn money/i
body LOCAL_RULE35 /make money/i
body LOCAL_RULE36 /potential earnings/i
body LOCAL_RULE37 /large amounts/i
body LOCAL_RULE38 /free information/i
body LOCAL_RULE39 /requested information/i
body LOCAL_RULE40 /free investment/i
body LOCAL_RULE41 /this is not a scam/i
body LOCAL_RULE42 /this is not junk/i
body LOCAL_RULE43 /this is not spam/i
body LOCAL_RULE44 /financial freedom/i
body LOCAL_RULE45 /pure profit/i
body LOCAL_RULE46 /lowest price/i
body LOCAL_RULE47 /direct marketing/i
body LOCAL_RULE48 /multi-level marketing/i
body LOCAL_RULE49 /email marketing/i
body LOCAL_RULE50 /no tricks/i
body LOCAL_RULE51 /exclusive offer/i
body LOCAL_RULE52 /job offer/i
body LOCAL_RULE53 /free budget/i
body LOCAL_RULE54 /lose weight/i
body LOCAL_RULE55 /lose fat/i
body LOCAL_RULE56 /lose weight/i
body LOCAL_RULE57 /free gift/i
body LOCAL_RULE58 /special promotion/i
body LOCAL_RULE59 /prize/i
body LOCAL_RULE60 /cost reduction/i
body LOCAL_RULE61 /full refund/i
body LOCAL_RULE62 /additional income/i
body LOCAL_RULE63 /extra income/i
body LOCAL_RULE64 /flatten belly/i
body LOCAL_RULE65 /get out of debt/i
body LOCAL_RULE66 /satisfaction guaranteed/i
body LOCAL_RULE67 /be your own boss/i
body LOCAL_RULE68 /get paid/i
body LOCAL_RULE69 /hidden fees/i
body LOCAL_RULE70 /free trial/i
body LOCAL_RULE71 /targeted traffic/i
body LOCAL_RULE72 /open positions/i
body LOCAL_RULE73 /you are the winner/i
body LOCAL_RULE74 /see for yourself/i
body LOCAL_RULE76 /attention!/i
body LOCAL_RULE78 /until 23:59/i
body LOCAL_RULE79 /not spam/i
body LOCAL_RULE80 /not junk/i
body LOCAL_RULE81 /not a scam/i
body LOCAL_RULE82 /amazing discount/i
body LOCAL_RULE85 /win prizes/i
body LOCAL_RULE86 /free to try/i
body LOCAL_RULE87 /guaranteed results/i
body LOCAL_RULE88 /special discount/i
body LOCAL_RULE89 /sign up now/i
body LOCAL_RULE90 /click here/i
body LOCAL_RULE94 /download now/i
body LOCAL_RULE95 /satisfaction guarantee/i
body LOCAL_RULE96 /launch offer/i
body LOCAL_RULE97 /do not miss/i
body LOCAL_RULE98 /free for you/i
body LOCAL_RULE99 /save money/i
body LOCAL_RULE100 /risk-free/i
body LOCAL_RULE101 /immediate results/i
body LOCAL_RULE102 /real money/i
body LOCAL_RULE105 /last chance/i
body LOCAL_RULE108 /free for a limited time/i
body LOCAL_RULE112 /best price/i
body LOCAL_RULE113 /receive money/i
body LOCAL_RULE117 /launch offer/i
body LOCAL_RULE118 /do not miss/i
body LOCAL_RULE120 /save money/i
body LOCAL_RULE121 /risk-free/i
body LOCAL_RULE125 /flash sale/i
body LOCAL_RULE128 /best offer/i
body LOCAL_RULE129 /free for a limited time/i
body LOCAL_RULE131 /sign up now/i
body LOCAL_RULE132 /click here/i
body LOCAL_RULE133 /expired password/i
body LOCAL_RULE134 /important email/i
body LOCAL_RULE135 /email address CHANGED and/i
body LOCAL_RULE136 /exceeded storage/i
body LOCAL_RULE137 /small claims court/i
body LOCAL_RULE138 /suspend your domain/i



score LOCAL_RULE1 10
score LOCAL_RULE2 10
score LOCAL_RULE3 10
score LOCAL_RULE4 10
score LOCAL_RULE5 10
score LOCAL_RULE6 10
score LOCAL_RULE7 10
score LOCAL_RULE8 10
score LOCAL_RULE9 10
score LOCAL_RULE10 10
score LOCAL_RULE11 10
score LOCAL_RULE12 10
score LOCAL_RULE13 10
score LOCAL_RULE14 10
score LOCAL_RULE15 10
score LOCAL_RULE16 10
score LOCAL_RULE17 10
score LOCAL_RULE18 10
score LOCAL_RULE19 10
score LOCAL_RULE20 10
score LOCAL_RULE21 10
score LOCAL_RULE22 10
score LOCAL_RULE23 10
score LOCAL_RULE24 10
score LOCAL_RULE25 10
score LOCAL_RULE26 10
score LOCAL_RULE27 10
score LOCAL_RULE28 10
score LOCAL_RULE29 10
score LOCAL_RULE30 10
score LOCAL_RULE31 10
score LOCAL_RULE32 10
score LOCAL_RULE33 10
score LOCAL_RULE34 10
score LOCAL_RULE35 10
score LOCAL_RULE36 10
score LOCAL_RULE37 10
score LOCAL_RULE38 10
score LOCAL_RULE39 10
score LOCAL_RULE40 10
score LOCAL_RULE41 10
score LOCAL_RULE42 10
score LOCAL_RULE43 10
score LOCAL_RULE44 10
score LOCAL_RULE45 10
score LOCAL_RULE46 10
score LOCAL_RULE47 10
score LOCAL_RULE48 10
score LOCAL_RULE49 10
score LOCAL_RULE50 10
score LOCAL_RULE51 10
score LOCAL_RULE52 10
score LOCAL_RULE53 10
score LOCAL_RULE54 10
score LOCAL_RULE55 10
score LOCAL_RULE56 10
score LOCAL_RULE57 10
score LOCAL_RULE58 10
score LOCAL_RULE59 10
score LOCAL_RULE60 10
score LOCAL_RULE61 10
score LOCAL_RULE62 10
score LOCAL_RULE63 10
score LOCAL_RULE64 10
score LOCAL_RULE65 10
score LOCAL_RULE66 10
score LOCAL_RULE67 10
score LOCAL_RULE68 10
score LOCAL_RULE69 10
score LOCAL_RULE70 10
score LOCAL_RULE71 10
score LOCAL_RULE72 10
score LOCAL_RULE73 10
score LOCAL_RULE74 10
score LOCAL_RULE75 10
score LOCAL_RULE76 10
score LOCAL_RULE77 10
score LOCAL_RULE78 10
score LOCAL_RULE79 10
score LOCAL_RULE80 10
score LOCAL_RULE81 10
score LOCAL_RULE82 10
score LOCAL_RULE83 10
score LOCAL_RULE84 10
score LOCAL_RULE85 10
score LOCAL_RULE86 10
score LOCAL_RULE87 10
score LOCAL_RULE88 10
score LOCAL_RULE89 10
score LOCAL_RULE90 10
score LOCAL_RULE91 10
score LOCAL_RULE92 10
score LOCAL_RULE93 10
score LOCAL_RULE94 10
score LOCAL_RULE95 10
score LOCAL_RULE96 10
score LOCAL_RULE97 10
score LOCAL_RULE98 10
score LOCAL_RULE99 10
score LOCAL_RULE100 10
score LOCAL_RULE101 10
score LOCAL_RULE102 10
score LOCAL_RULE103 10
score LOCAL_RULE104 10
score LOCAL_RULE105 10
score LOCAL_RULE106 10
score LOCAL_RULE107 10
score LOCAL_RULE108 10
score LOCAL_RULE109 10
score LOCAL_RULE110 10
score LOCAL_RULE111 10
score LOCAL_RULE112 10
score LOCAL_RULE113 10
score LOCAL_RULE114 10
score LOCAL_RULE115 10
score LOCAL_RULE116 10
score LOCAL_RULE117 10
score LOCAL_RULE118 10
score LOCAL_RULE119 10
score LOCAL_RULE120 10
score LOCAL_RULE121 10
score LOCAL_RULE122 10
score LOCAL_RULE123 10
score LOCAL_RULE124 10
score LOCAL_RULE125 10
score LOCAL_RULE126 10
score LOCAL_RULE127 10
score LOCAL_RULE128 10
score LOCAL_RULE129 10
score LOCAL_RULE130 10
score LOCAL_RULE131 10
score LOCAL_RULE132 10
score LOCAL_RULE133 10
score LOCAL_RULE134 10
score LOCAL_RULE135 10
score LOCAL_RULE136 10
score LOCAL_RULE137 10
score LOCAL_RULE138 10

score ALL_TRUSTED -4.000
score DATE_IN_PAST_12_24 2.000
score DCC_CHECK 2.500
score DNS_FROM_AHBL_RHSBL 0
score FORGED_OUTLOOK_HTML 1.500
score HEADER_FROM_DIFFERENT_DOMAINS 2.000
score HTML_FONT_LOW_CONTRAST 2.00
score HTML_IMAGE_RATIO_02 2.000
score RCVD_IN_BRBL_LASTEXT 3.500
score RCVD_IN_PBL 0.905
score RCVD_IN_RP_CERTIFIED -2.500
score T_HTML_ATTACH 2.000
score T_LONG_HEADER_LINE_80 0.500
score T_NOT_A_PERSON 0.500
score T_OBFU_HTML_ATTACH 1.000
score T_REMOTE_IMAGE 2.500
score UPPERCASE_50_75 0.700
score URIBL_BLACK 4.250
score URIBL_DBL_REDIR 1.500
score URIBL_DBL_SPAM 5.000
score URIBL_JP_SURB 5.000
score URIBL_JP_SURBL 5.000
score URIBL_WS_SURBL 5.000
score SUBJ_ALL_CAPS 1.000
score LOTS_OF_MONEY 0.700
score T_HK_MUCHMONEY 0.700
score T_KHOP_FOREIGN_CLICK 0.700
score T_SHORTENED_URL_HREF 0.400
score T_URL_SHORTENER 0.400
score BAD_ENC_HEADER 0.400
score T_UNKNOWN_ORIGIN 0.700
score RP_MATCHES_RCVD -0.000
score BAYES_90 4.300
score BAYES_80 3.500
score BAYES_60 3.000
score BAYES_50 2.500
score BAYES_00 -0.500


# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

#    A 'contact address' users should contact for more info. (replaces
#    _CONTACTADDRESS_ in the report template)
# report_contact [email protected]


#   Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.


#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


#   Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0


#   Use Bayesian classifier (default: 1)
#
# use_bayes 1


#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1


#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status


#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
#   them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1

#   Textual body scan limit    (default: 50000)
#
#   Amount of data per email text/* mimepart, that will be run through body
#   rules.  This enables safer and faster scanning of large messages,
#   perhaps having very large textual attachments.  There should be no need
#   to change this well tested default.
#
# body_part_scan_size 50000

#   Textual rawbody data scan limit    (default: 500000)
#
#   Amount of data per email text/* mimepart, that will be run through
#   rawbody rules.
#
# rawbody_part_scan_size 500000

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-welcomelisted mails are *really* welcomelisted now, if
#   the shortcircuiting plugin is active, causing early exit to save CPU
#   load.  Uncomment to turn this on
#
#   SpamAssassin tries hard not to launch DNS queries before priority -100. 
#   If you want to shortcircuit without launching unneeded queries, make
#   sure such rule priority is below -100. These examples are already:
#
# shortcircuit USER_IN_WELCOMELIST       on
# shortcircuit USER_IN_DEF_WELCOMELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on

#   the opposite; blocklisted mails can also save CPU
#
# shortcircuit USER_IN_BLOCKLIST       on
# shortcircuit USER_IN_BLOCKLIST_TO    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

Done. Now just restart.

sudo service spamd restart

5 Likes
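An added example, not part of the original post: a small Python check for the rule list above, where some LOCAL_RULE numbers have a score line but no body line (LOCAL_RULE75, for instance) and some phrases are defined under more than one name. The excerpt is constructed in the style of the posted file, LOCAL_RULE139 in it is hypothetical, and `audit_local_rules` is a name chosen here.

```python
import re
from collections import defaultdict

# Constructed excerpt in the style of the local.cf above (not the full file).
SAMPLE_CF = """\
required_score 7
body LOCAL_RULE54 /lose weight/i
body LOCAL_RULE56 /lose weight/i
body LOCAL_RULE74 /see for yourself/i
body LOCAL_RULE76 /attention!/i
body LOCAL_RULE139 /verify your mailbox/i
score LOCAL_RULE54 10
score LOCAL_RULE56 10
score LOCAL_RULE74 10
score LOCAL_RULE75 10
score LOCAL_RULE76 10
# score LOCAL_RULE77 10
"""

RULE_TYPES = {"body", "rawbody", "header", "uri", "full", "meta"}

def audit_local_rules(cf_text, prefix="LOCAL_"):
    """Cross-check rule definitions against score lines for names with `prefix`."""
    defined = {}      # rule name -> pattern text as written
    scored = set()    # rule names that have a score line
    for raw in cf_text.splitlines():
        # Simplified comment handling: drop everything after an unescaped '#'.
        line = re.sub(r"(?<!\\)#.*$", "", raw).strip()
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[1].startswith(prefix):
            continue
        keyword, name = parts[0], parts[1]
        if keyword in RULE_TYPES and len(parts) == 3:
            defined[name] = parts[2]
        elif keyword == "score":
            scored.add(name)
    by_pattern = defaultdict(list)
    for name, pattern in defined.items():
        by_pattern[pattern].append(name)
    return {
        # A score with no rule behind it never fires.
        "scored_but_undefined": sorted(scored - defined.keys()),
        # A rule with no score line falls back to SpamAssassin's default of 1.0.
        "defined_but_unscored": sorted(defined.keys() - scored),
        # The same phrase under two names scores twice on one match.
        "duplicate_patterns": {p: n for p, n in by_pattern.items() if len(n) > 1},
    }

if __name__ == "__main__":
    for finding, value in audit_local_rules(SAMPLE_CF).items():
        print(finding, value)
```

Running `spamassassin --lint` after editing is still worthwhile, since it parses the file with SpamAssassin's own configuration parser.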

Hi @molero.renan,

It is great but I have these 3 small suggestions:

1 - Because local.cf is the default file, keep it simple and just add this to it, before "# Some shortcircuiting, if the plugin is enabled":

# Include custom rule file
include /etc/spamassassin/custom_local.cf

2 - create a custom_local.cf file and add your custom rules onto it without required_hits 7.0 because required_score 7 does work.

3 - After #blacklist_from, add this rule to reduce email impersonation:

# Custom Rule to Detect Spoofed Local Domain Emails
header LOCAL_FROM_SPOOFED_FROM From =~ /@(my-domain\.co\.uk|another-local-domain\.com)/i
header LOCAL_FROM_SPOOFED_RECEIVED Received =~ /from \S+ (\S+.\S+.\S+.\S+)/i
meta LOCAL_FROM_SPOOFED (LOCAL_FROM_SPOOFED_FROM && LOCAL_FROM_SPOOFED_RECEIVED)
score LOCAL_FROM_SPOOFED 10.0
describe LOCAL_FROM_SPOOFED Email claiming to be from any local domain but sent from a foreign server

I hope this helps.

4 Likes
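An added check, not part of the post above: the two header patterns and the meta rule from suggestion 3, evaluated on constructed headers so you can see which messages reach the score of 10 before deploying it. Python's `re` stands in for SpamAssassin's Perl regex engine (the patterns use only syntax common to both), the From pattern has the literal dots in its placeholder domains escaped, and the function name, host names and addresses are made up for the example.

```python
import re

# Patterns from suggestion 3; the only change is escaping the literal dots
# in the two placeholder domain names.
FROM_RE = re.compile(r"@(my-domain\.co\.uk|another-local-domain\.com)", re.I)
RECEIVED_RE = re.compile(r"from \S+ (\S+.\S+.\S+.\S+)", re.I)

def local_from_spoofed(headers):
    """Evaluate the LOCAL_FROM_SPOOFED meta rule on (name, value) header pairs.

    Modelling assumption: a header rule is tested against all values of the
    named header joined with newlines.
    """
    def joined(name):
        return "\n".join(v for n, v in headers if n.lower() == name.lower())

    from_hit = bool(FROM_RE.search(joined("From")))
    received_hit = bool(RECEIVED_RE.search(joined("Received")))
    return from_hit and received_hit

# Constructed messages (documentation IP ranges, placeholder host names).
INTERNAL = [
    ("Received", "from mail.my-domain.co.uk (mail.my-domain.co.uk [192.0.2.10])"
                 " by mx.my-domain.co.uk"),
    ("From", "Alice <alice@my-domain.co.uk>"),
]
EXTERNAL_SAME_FROM = [
    ("Received", "from relay.example.net (relay.example.net [198.51.100.7])"
                 " by mx.my-domain.co.uk"),
    ("From", "Alice <alice@my-domain.co.uk>"),
]
EXTERNAL_OTHER_FROM = [
    ("Received", "from relay.example.net (relay.example.net [198.51.100.7])"
                 " by mx.my-domain.co.uk"),
    ("From", "Bob <bob@example.org>"),
]

if __name__ == "__main__":
    for label, msg in [("internal", INTERNAL),
                       ("external, local From", EXTERNAL_SAME_FROM),
                       ("external, other From", EXTERNAL_OTHER_FROM)]:
        print(label, local_from_spoofed(msg))
```

With these patterns the Received test is satisfied by any relay line of the usual "from host (host [ip])" shape, so the From match decides the outcome; narrowing the Received pattern to exclude your own relays' host names or addresses is what separates the first two cases.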

ShanHan, thank you very much for your help. I didn’t know about these possibilities. I will make the changes according to your suggestions right away. Thank you once again.

3 Likes
