Change Log: Thursady 11th January, 2007 * TOTAL RULES: 1282 * Added 7 new rules (since 21 August 2006) * Modified ~20 of rules! Details of recent changes: ------------------------- This is purely a maintenance release and doesn't significant;y change the behaviour of the rules as a whole. Mostly score adjustments to reduce false positiives and to take into account improvements in the base SpamAssassin rules. Some rules have been removed from my rule sets as similar rules have been added to recent versions of SA. All feedback welcomed! As always, usual disclaimers apply, but if you have any spam that slips through, then please forward me a copy of the e-mail (with full headers if possible) and I'll be happy to write something to catch it! My spam corpus is pretty consistent these days and I don't see all the spam in the world - help me make my rules better; send me your false negatives! (spam NOT flagged). Similarly if there are rules that consistently trigger on false positives (ham that is flagged as spam) I'd like to know about them too! To Do: (same as last time) ----- Edit the "spam_update.sh" script some more to tidy up the output and "modularise" some of the loops etc, to use functions. That way I can reuse code. Might work on a perl version too - would make it possible to gather SpamAssassin and MailScanner's config options and minimise the number of variables needed in my script....need time though. **************************************************************************** Change Log: Tuesday 10th January, 2006 custom_rules-20060106.tgz * TOTAL RULES: 1235 * Added 0 new rules (since 02-Dec-2005) * Modified ~1 rule * Removed 0 rules Details of recent changes: ------------------------- Happy new year! Thanks to Matt Kettler for a suggestion to anchor the EXE_LINK URI rule to the end of a string. This is kind of important so I published a new set of rules to cover it. Feel free to just copy the new local_uri.cf over the top of the old one. To Do: (same as last time...) ----- Edit the "spam_update.sh" script some more to tidy up the output and "modularise" some of the loops etc, to use functions. That way I can reuse code. Might work on a perl version too - would make it possible to gather SpamAssassin and MailScanner's config options and minimise the number of variables needed in my script....need time though **************************************************************************** Change Log: Friday 2nd December, 2005 custom_rules-20051202.tgz * TOTAL RULES: 1235 * Added 5 new rules (since 02-Jun-2005) * Modified ~10 rules * Removed 37 rules (not really - see below) Details of recent changes: ------------------------- My work and study commitments have kept me pretty busy for the last 6 months but another release is (finally) out. Not a lot of changes this time. A few minor tweaks of the rules and the addition of some new spammers to my domain matches. The 5 additions are spread between the local_from.cf, local_header.cf and local_rawbody.cf rules. They simply catch some domains that seem to be the source of a lot of spam on my networks. YMMV. The only modifications really deal with relaxing some scores for rules that seem to generate a few false positives (ham flagged as spam). The 37 deletions. Well, the reality is that the "score counting" script I wrote was fubar. I wasn't honouring the list of rules I was telling it to count. So I re-did it so it counts the rules AFTER the construction of the tar ball and voila, the count matches reality. So in short, the count was out on previous runs, and is now corrected :) As always, usual disclaimers apply, but if you have any spam that slips through, then please forward me a copy of the e-mail (with full headers if possible) and I'll be happy to write something to catch it! My spam corpus is pretty consisten these days and I don't see all the spam in the world - help me make my rules better; send me your false negatives! (spam NOT flagged). To Do: (same as last time...) ----- Edit the "spam_update.sh" script some more to tidy up the output and "modularise" some of the loops etc, to use functions. That way I can reuse code. Might work on a perl version too - would make it possible to gather SpamAssassin and MailScanner's config options and minimise the number of variables needed in my script....need time though **************************************************************************** Change Log: Thursday 2nd June, 2005 custom_rules-20050602.tgz * TOTAL RULES: 1263 * Added 48 new rules (since 01-Nov-2004) * Modified ~50 rules (to catch sober.q German spam) * Removed ~500 rules (see below) Details of recent changes: ------------------------- The looong delay between the previous update and this one is due to my webserver being attacked using a Linux kernel exploit that didn't do anything other than crash the system. However, once it came back up the file systems were a mess. I'd lost all of my spamassassin work back to the 01-Nov-2004 update. Moral to the story; make sure your backup system works and you can restore stuff before you need to rely on it! You'd think being a senior system admin for a multi-national company I'd have a slick-as-snot backup system....well, you know what they say about mechanic's cars and builder's houses right?? Most of this month's changes boil down to two major changes and a handful of smaller ones that don't bear much mention (spelling errors etc): Major change #1: no more URL black list in the local_uri.cf file. This was getting beyond a joke and there are better ways of doing this integrated into SA3.x. Use the remote URL blacklists like OutBlaze and SURBL instead. My rules have gone for a simpler approach of increasing the score for messages that have url's with common spam words like "lottery" or "dealz" etc in either the domain or the path/file comonents of the URL. These keywords are also incorporated into the local_from.cf rules. See each of these files for the details. Major change #2: no more weirdo regex syntax to match single characters. What was I tinking?? /(?:a|\@)/i is semantically equivalent to /[a\@]/i The first chews more CPU than the 2nd. So all the obfuscation rules have been re-written. Some other things I've done is incorporate the rules done by others to catch the sober.q spam that was all German ultra-right wing political spam. Now I really couldn't give a flying fig about your own political orientations (that's between you and the ballot box), but flooding the net with unsolicited bulk e-mail of any sort will get the spamassassin treatment from me. :) Other small changes were a major audit for spelling errors, typos and other small nagging problems. To Do: (same as last time...) ----- Edit the "spam_update.sh" script some more to tidy up the output and "modularise" some of the loops etc, to use functions. That way I can reuse code. Might work on a perl version too - would make it possible to gather SpamAssassin and MailScanner's config options and minimise the number of variables needed in my script....need time though **************************************************************************** Change Log: Monday 1st November, 2004 custom_rules-20041101.tgz * TOTAL RULES: 1773 * Added 56 new rules (since 03-Sep-2004) * Modified 250+ rules (lost count - see below) * Removed 3 rules (see below) Details of recent changes: ------------------------- The looong delay between the previous update and this one is due to me upgrading all my servers to SpamAssassin 3. SA3 is a LOT more strict about rule name lengths and description lengths. This is a Good Thing(tm), however, it mean't I needed to modify over 250 rules. Not much in the way of REGEX changes, but all the rule names and comments will now load up in SA3 without generating screen-fulls of warnings :) After a very good suggestion from Jari Aalto I've implemented a new rule-packaing format that allows roll-back to any previous version. Basically the "tgz" files now unpack into a sub-directory the same as their serial number. ie, custom_rules-20041101.tgz unpacks to ./20041101/local_*.cf To make life a little easier, I did a MAJOR re-write of my updater script (spam_update.sh). It now handles the new format and catches a lot more errors. You can still use the old script, but it wont work :P The new script is heavily commented, so feel free to have a look and modify as required :) I also re-packed all the old (archived) rules to fit the new packaging format. I have created this change log and another for the spam_update.sh script. These are LONG over-due! To Do: ----- Edit the "spam_update.sh" script some more to tidy up the output and "modularise" some of the loops etc, to use functions. That way I can reuse code. Might work on a perl version too - would make it possible to gather SpamAssassin and MailScanner's config options and minimise the number of variables needed in my script....need time though ****************************************************************************** Change Log: Friday 3rd September, 2004 custom_rules-20040903.tgz * TOTAL RULES: 1720 * Added 14 new rules (since 23 Aug 2004) * Modified 19 rules (see below) * Removed 0 rules (see below) Details of recent changes: ------------------------- In keeping with my recent promise, I've added a new set of rules! Download and enjoy! I've modified a bunch of URI rules to catch different iterations of the same URL's. Seems spammers are not particularly imaginative and reuse domains with small spelling differences. Modified a few BODY rules to be a little broader in the spelling of some key words. For instance if a rule matched "I am", I've now made it also match "I'm" and "Im". That sort of thing. The 14 new rules are mostly new URL's to catch but I've also added some new body rules to catch "sensual" and some more lottery spam. To Do: ----- Nothing! It's all done at this stage :) ****************************************************************************** $Id: custom_rules-changelog.txt,v 1.5 2007/01/11 01:16:20 james Exp $