THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Use at your own risk.
...
Status Information
BR Active: Ruleset is actively updated and maintained
BR Locked: Ruleset is not actively updated, but is fine to run and considered "stable" BR
Defunct: Ruleset is no longer maintained, may be out of date or have problems
BR BR Auto-update: Author/Maintainer has given permission to use scripts to automate the download of the ruleset BR
Please respect the wishes of the authors and/or the site hosts
BR Users of the latest version on SpamAssassin should use sa-update, not Rules Du Jour, for auto-updates. This documented elsewhere in the Wiki and rulesets such as SARE.
...
antidrug.cf
BR antidrug.cf is a set of rules designed to catch those pesky "pill spams".BR
Created by: Matt Kettler
BR Contact: mkettler_sa@verizon.net BR
License Type: Artistic/GPL dual BR
Status: Inactive
BR Auto-update: Yes, subject to change if Verizon later objects to the practice. Note: at this time the ruleset is not actively being updated.BR
Available at: http://mysite.verizon.net/mkettler_sa/antidrug.cf BR
Mirror: N/A
BR Note: Matt Kettler says "It may not be appropriate for a medical or pharmecutical environment. If in doubt, adjust the scores of all the rules to 0.01 and see if they fire off on your daily nonspam."
BR Note: SA 3.0.0 documentation indicates that much of this rule set has been incorporated into that version. This file is unnecessary with SA 3.0.0 or higher and may downgrade any improvements contributed directly to the standard ruleset. ONLY use antidrug if you are stuck on SA 2.6x for some reason. Sample Results: MasscheckAntidrug (rev 0.65 04/28/2004)
Wiki Markup
*[BR] backhair is a set of rules designed to catch those ugly, unsightly HTML tags. [BR]
Created by: Jennifer Wheeler [BR]
Contact: TBD
[BR] License Type: TBD [BR]
Status: Locked
*Locked* [BR] Auto-update: *No No
Available * [BR] Available at: http://www.emtinc.net/includes/backhair.cf [BR] Mirror: \
Mirror: rulesemporium.com
More information on Jennifer's rules: [http://www.rulesemporiumemtinc.comnet/rules.htm rulesemporium.comspamhammers.htm
NOTE: Early versions of Rules Du Jour included this set in its default config. This set is now considered "stable" and is no longer actively updated. Please do not use auto-update scripts
Note: This is a fairly aggressive ruleset that can hit on UUencoded attachments...
Note: SA 3.0.0 documentation indicates that much of this rule set has been incorporated into that version. This file is unnecessary with SA \][BR] More information on Jennifer's rules: http://www.emtinc.net/spamhammers.htm [BR] *NOTE: Early versions of Rules Du Jour included this set in its default config. This set is now considered "stable" and is no longer actively updated. Please do not use auto-update scripts*[BR] Note: This is a fairly aggressive ruleset that can hit on UUencoded attachments...[BR] Note: SA 3.0.0 documentation indicates that much of this rule set has been incorporated into that version. This file is unnecessary with SA 3.0.0. Sample Results: [MasscheckBackhair] (Version 1.5 2004-01-21)
bogus-virus-warnings.cf
BR bogus-virus-warnings tries to pick out 'collateral spam' caused by viruses. BR
Created by: Tim Jackson with contributions from othersBR
Contact: TBD
Status: Active
BR Auto-update: Yes
BR Available at: http://www.timj.co.uk/linux/bogus-virus-warnings.cf
BR More information on Tim's rules: http://www.timj.co.uk/linux/sa.php
BR Note: Main aim is to catch warnings generated by virus scanners along the lines of "you sent us virus", which are sent to the (usually faked) 'senders' of virus-infected e-mails. Contains many "black-and-white" very-high-scoring rules.BR
Sample Results: MasscheckBogusVirus (version 1.69 2004-03-04) BR
Wiki Markup
chickenpox is a set of rules designed to catch spam like * [or th.is kind of garb+age"[BR|BR] chickenpox is a set of rules designed to catch spam like "l.ooks f] Created by: Jennifer Wheeler [BR] Contactf|or th.is kind of garb+age"
Created by: Jennifer Wheeler
Contact: TBD
License Type: TBD
Status: Locked
Auto-update: No
Available at: : TBD [BR] License Type: TBD [BR] Status: *Locked* [BR] Auto-update: *No* [BR] Available at: http://www.emtinc.net/includes/chickenpox.cf
[BR] Mirror: \[http://www. rulesemporium.com
/rules.htm rulesemporium.com\][BR] *NOTE: Early versions of Rules Du Jour included this set in its default config. This set is now considered "stable" and is no longer actively updated. Please do not use auto-update scripts
*[BR] More information on Jennifer's rules: http://www.emtinc.net/spamhammers.htm [BR]
Sample Results: [MasscheckChickenpox] (Version MasscheckChickenpox (Version 1.15 2004-02-06)
[BR] Chickenpox rules are BROKEN for non-English text, they treat all accented characters as non-letters!
Wiki Markup
evilnumbers is a collection of phone numbers, PO boxes and street addresses harvested from spam.
Created by: Matt Yackley
Contact: sare@yackley.org
License Type: Artistic
Status: Active
Auto-update: Yes - Please try to keep checks down to no more then once every 24 hours
Available at: License Type: Artistic [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 24 hours [BR] Available at: http://www.rulesemporium.com/rules/evilnumbers.cf
[BR] Extras: Localized language packs available at the link below. [BR] Mirror: \[http://www.yackley.org/sa-rules yackley.org\][BR] More information on Matt Yackley's rules:
Mirror: yackley.org
More information on Matt Yackley's rules: http://www.yackley.org/sa-rules [BR]
Sample Results: [MasscheckEvilNumbers] (Version: 1.12k 03/31/2004) [BR]
Malware Block List
BR The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware. The list of URLs that point to Malware is available and formatted for using on SpamAssassin. BR
Created by: Andre Correa
BR Contact: andre.correa@pobox.com BR
License Type: GPL BR
Status: Active
BR Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours
BR Auto-update: Preferred method http via http://www.malware.com.br/cgi/submit?action=list_sa BR
More information: http://www.malware.com.br
BR Note: This link is not a .cf file, you will need to save it with a .cf extension. Please visit the site for information on automatic updating procedure.
unmigratedsa-wiki-markupblacklist
*sa-blacklist* [BR] sa-blacklist is a large set of blacklist entries of domains and IP addresses. [BR]
Note: *IT IS STRONGLY RECOMMENDED YOU DO NOT USE THIS RULESET, SEE [OutOfMemoryProblems]* [BR] Created OutOfMemoryProblems
Created by: William Stearns [BR]
Contact: wstearns@pobox.com
License Type: GPL
Status: Active
[BR] License Type: GPL [BR] Status: Active [BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours
[BR] Auto-update: Preferred method *rsync* via rsync.sa-blacklist.stearns.org::wstearns/sa-blacklist/ [BR]
Available at: http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current
[BR] Available at: ftp://ftp.sa-blacklist.stearns.org/pub/wstearns/sa-blacklist/sa-blacklist.current [BR] Mirror: \[ftp:/
Mirror: /ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com\] [BR] More
More information on information on Bill's rules: http://www.sa-blacklist.stearns.org/sa-blacklist/README
[BR] Note: *IT IS STRONGLY RECOMMENDED YOU DO NOT USE THIS RULESET, SEE OutOfMemoryProblems
[OutOfMemoryProblems]* [BR] Note: These are blacklist entries and will tag emails on their own! This link is not a .cf file, you will need to save it with a .cf extension.
Wiki Markup
* [BR] sa-blacklist-uri is a large set of URIs [BR]
Note: *IT IS STRONGLY RECOMMENDED YOU DO NOT USE THIS RULESET, SEE [OutOfMemoryProblems]* [BR] Created OutOfMemoryProblems
Created by: William Stearns [BR]
Contact: wstearns@pobox.com [BR]
License Type: GPL [BR]
Status: Active
[BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours [
BR] Auto-update: Preferred method *rsync* via rsync.sa-blacklist.stearns.org::wstearns/sa-blacklist/ [BR] Available
Available at: http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf
[BR] Available at: ftp://ftp.sa-blacklist.stearns.org/pub/wstearns/sa-blacklist/sa-blacklist.current.uri.cf [
BR] More information on Bill's rules: http://www.sa-blacklist.stearns.org/sa-blacklist/README [BR]
Mirror: \[ftp://ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com\] [BR]
Note: The idea behind this list is similar to bigevil, but are pulled together from different spam. These rules are "flat" ie, one entry per rule, which uses more memory than combining multiple entries into one rule. This should not be an issue if you have lots of memory or a lighter mail load.
[BR] Note: *IT IS STRONGLY RECOMMENDED YOU DO NOT USE THIS RULESET, SEE [OutOfMemoryProblems]* [BR] Sample Results: [MasscheckBlacklist] OutOfMemoryProblems
Sample Results: MasscheckBlacklist (2004030403)
Wiki Markup
* [BR] sa-random searches for spamware mistakes like: %RANDOM_WORD [BR]
Created by: William Stearns [BR]
Contact: wstearns@pobox.com [BR]
License Type: GPL [BR]
Status: Active
[BR] Auto-update: Yes - Please try to keep checks down to no more then once every 4 hours [BR]
Auto-update: Preferred method *rsync* via rsync.sa-blacklist.stearns.org::wstearns/sa-blacklist/ [BR]
Available at: http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf
[BR] Available at: ftp://ftp.sa-blacklist.stearns.org/pub/wstearns/sa-blacklist/random.current.cf [BR] Mirror: \[ftp://
Mirror: ftp.bascom.com/pub/wstearns/sa-blacklist/ ftp.bascom.com\] [BR] More information on Bill's rules: http:
More information on Bill's rules: http:////www.sa-blacklist.stearns.org/sa-blacklist/README
[BR] Sample Results: [MasscheckRandom] (release: 2004030501)
sought.cf
BR an automatically-generated ruleset which seeks good rules directly from the SpamAssassin spamtraps, updated every 4 hours BR
Created by: Justin Mason
BR Contact: jm@jmason.org
BR License Type: same as SpamAssassin BR
Status: Active
BR Auto-update: Yes, via sa-update only
BR Available at: http://taint.org/2007/08/15/004348a.html (via sa-update only) BR
More information: SoughtRules BR
tripwire.cf
BR tripwire searches for 3 characters that shouldn't be together.BR
Created by: Fred Tarasevicius
License Type: TBD BR
Status: TBD
BR Auto-update: TBD
BR Available at: http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf
BR Note: These rules are based on the English language, due to the number of rules that can be triggered, problem have been reported by exim users that it can cause the header to go over the byte limit of the exim header limits, also MS Outlook can have problems with rules that look for "message headers" due to a unknown size limit in the amount of headers it will search.BR
Sample Results: MasscheckTripwire (Version 1.17)
Wiki Markup
Catches spams written in French.
Created by: Maxime Ritter
Contact: mritter@alussinan.org
License Type: Public Domain
Status: Active
Auto-update: On the mirror (updates of the mirror are automatic)
Available at: Rules* [BR] Catches spams written in French.[BR] Created by: Maxime Ritter[BR] Contact: mritter@alussinan.org [BR] License Type: Public Domain [BR] Status: *Active* [BR] Auto-update: *On the mirror (updates of the mirror are automatic)* [BR] Available at: \[http://maxime.ritter.eu.org/Spam/french_rules.cf\] [BR]
GPG-signature: Yes
Mirror: \[http://maximeairmex.ritternerim.eu.org/Spamnet/rule-get/french_rules.cf.sig Yes\] [BR] Mirror: \[http://airmex.nerim.
More information on my site : (in French only at the moment) : net/rule-get/french_rules.cf\][BR] More information on my site : (in French only at the moment) : \[http://maxime.ritter.eu.org/article.php3?id_article=11
Sample \] [BR] Sample Results: None yet.
Romanian Rules
Catches spams written in Romanian or by Romanian spammers.
Created by: INTERSOL SRL
License Type: Public Domain
Status: Active
Auto-update: On the mirror (updates of the mirror are automatic)
Available at: Wiki Markup
More information on our site : (in Romanian only at the moment) : http://www.intersol.ro/anti-spam\] [BR]
Wiki Markup
Misc rules I * [BR] Misc rules I use. Use them if you find them usefull.
[BR] Created by: Maxime Ritter[BR]
Contact: mritter@alussinan.org [BR]
License Type: Public Domain [BR]
Status: Active
*Active* [BR] Auto-update: *On the mirror (auto--updated)
Available at: updated)* [BR] Available at: \[http://maxime.ritter.eu.org/Spam/airmax.cf\] [BR] GPG-signature: \[http://maxime.ritter.eu.org/Spam/airmax.cf.sig Yes\][BR] Mirror: \[
GPG-signature: Yes
Mirror: http://airmex.nerim.net/rule-get/airmax.cf\] [BR] More information on my site : (in French only at
More information on my site : (in French only at the moment) : the moment) : \[http://maxime.ritter.eu.org/article.php3?id_article=11\] [BR] Sample
Sample Results: None yet.None yet.
Chinese Rules
Rules to catch spams written in Chinese.
Created by: Quang-Anh Tran, at CCERT Anti-Spam Team
Contact: Wiki Markup
License Type: Apache License [BR]
Status: Inactive
Available at: *Inactive* [BR] Available at: \[http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf\] (last updated 2006-10-01) [BR]
More information (in Chinese): \[http://www.ccert.edu.cn/spam/sa/Chinese_rules.htm\] [BR] Note : Rules and scores are said to be updated once a week by using spams reported to the anti-spam service of CCERT
Note : Rules and scores are said to be updated once a week by using spams reported to the anti-spam service of CCERT in the last 3 months.
Sample Results: MasscheckChineserulesin the last 3 months. [BR] Sample Results: [MasscheckChineserules]
GEE Whiz Chinese Ruleset
BR We developed a set of SpamAssassin rules which apply to Simplified Chinese, based on GB2312. They include head rules, phrase rules.BR
Created by: Zhong(Adam) Wang at Submersion CorporationBR
Contact: adamwang@submersion.com BR
License Type: GPL BR
Status: Inactive
BR Available at: (no longer available) BR
More detail: (no longer available)
BR Note : Rules are masschecked by CCERT.BR
Sample Results: MasscheckGeeWhizChineseRulesetunmigrated-wiki-markup
I cleaned up part of GEE Whiz Chinese Ruleset which take forever to run mass-check and run perceptron to rescore the Ruleset Available at: \[http://mcli.homelinux.org:8080/apache2-default/spam\] [BR]
Contact: mchun.li@gmail.com [BR]
Wiki Markup
This is a tiny set of rules, designed to find MIME errors commonly encountered in mails sent by the bulk mailers used by spammers.
Created by: Byteplant GmbH
Contact: nstsupport@byteplant.com
License Type: GPL
Status: Active
Available at: Ruleset* [BR] This is a tiny set of rules, designed to find MIME errors commonly encountered in mails sent by the bulk mailers used by spammers.[BR] Created by: Byteplant GmbH[BR] Contact: nstsupport@byteplant.com [BR] License Type: GPL [BR] Status: *Active* [BR] Available at: \[http://www.nospamtoday.com/download/mime_validate.cf\] [BR] Sample cf
Sample Results: None yet.
Wiki Markup
*[BR] Catches german language SPAM. Please report your german SPAM with full headers[BR]
Created by: Michael Monnerie ( \[http://it-management.at\] )[BR] )
Contact: spam-german@zmi.at [BR]
License Type: Artistic[BR]
Status: Active
Available *Active* [BR] Available at: [SpamAssassin] Channel: 70_zmi_german.cf.zmi.sa-update.dostech.net[BR]
Available at: Homepage: \[http://zmi.at/x/70_zmi_german.cf\][BR] Sample
Sample Results: No false positives until now
Polish Language Ruleset
BR Catches Polish language spam; moved from the Spamassassin distribution after SA 3.1.8.
BR Created by: <radek at alter dot pl>, contributions by <adek at ines dot wonlok dot com dot pl>BR
Contact: <radek at alter dot pl>
BR License Type: Apache Software License 2.0BR
Status: ?
BR Available at: BodyTestsPl
BR Sample Results: None yet.
Wiki Markup
*[BR] Catches spams written in Greek or by Greek spammers or that target the .GR domain.[BR]
Created by: Dimitris Michelinakis[BR]
License Type: Artistic[BR]
Status: Active
*Active* [BR] Auto-update: *Yes* - Please try to keep checks down to no more than once every 24 hours[BR]
Available at: \[http://www.michelinakis.gr/Dimitris/spamassassin/gr_domain.cf\][BR] More information on the site:
More information on the site: http://www.michelinakis.gr/Dimitris/spamassassin/
...
Automatic Updates BR
Wiki Markup
If you find these rulesets useful and get tired of downloading updates, Chris Thielen, has kindly provided a shell script to automatically update these sets. You can find the script and instructions at: http://www.exit0.us/index.php?pagename=RulesDuJour BR
Another tool is now available, featuring GPG check of the rulesets which have a known signature and an apt-get-like syntax : http://maxime.ritter.eu.org/article.php3?id_article=10
For Windows, Bret Miller has contributed a windows script for updating these sets. You can download it here: http://mail.wcg.org/~support/default.html#satools BR
A readme file is provided with instructions for setting it up. It requires ActivePerl 5.8.x (doesn't work right on 5.6.1).
Additional collections
BR Here are some additional collections of custom rulesets:
The SARE Ninjas have a collection of custom rules available at the SpamAssassin Rules Emporium (started by Chris Santerre) - http://www.rulesemporium.com - this collection includes HTML rules, Header abuse rules, ratware rules, specific spammer rules, adult rules, fraud rules, subject rules, business and marketing rules, etc. Several of those rule sets are multi-file rule sets, a practice started by Bob Menschel, allowing you to pick and choose based on the quality or applicability of rules within the MultiFileRuleSets. BR
->SARE Ninjas are not active at this point of time: "IMPORTANT: Due to Ninjas being busy with lives, wives & hockey matches, SARE rules aren't being updated."BR
The Hebrew SpamAssassin rules project is located at http://www.deltaforce.net/hebrewspam
...