FSL_BULK_SIG?

General eFa discussion
Post Reply
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

FSL_BULK_SIG?

Post by pdwalker »

I was looking at my spamassassin rule hits report, looking for rules without rule descriptions when I found the following rule with no description: FSL_BULK_SIG

I've grepped in /var/lib/spamassassin and /etc/mail/spamassassin but I am unable to find where this rule is defined.

Can anyone help me find out where spamassassin is finding this rule?

Or could it possibly be a rule that only appeared in the spamassassin config files for a short period of time?

I'm a bit puzzled by this and would like to track the reason down.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: FSL_BULK_SIG?

Post by henk »

The the SpamAssassin Rule Hits are calculated from the mailscanner maillog table.

Code: Select all

select count(*) as howmany  from mailscanner.maillog where spamreport like '%FSL_BULK_SIG%' ;
+---------+
| howmany |
+---------+
| 115 |
+---------+
1 row in set (0.02 sec)
2018_RuleHits.png
2018_RuleHits.png (5.04 KiB) Viewed 6929 times
This table keeps records for quite a long time, to be able to generate stats. So depricated rules will be there till housekeeping removes these records.

The scores are set with each update, all FSL scores are set in: /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf

Code: Select all

grep -irHn 'FSL_' /var/lib/spamassassin/3.004001/updates_spamassassin_org
The current active rules;

Code: Select all

select * from sa_rules where rule like 'FSL%';
+-----------------------+--------------------------------------------------------+
| rule | rule_desc |
+-----------------------+--------------------------------------------------------+
| FSL_CTYPE_WIN1251 | Content-Type only seen in 419 spam |
| FSL_FAKE_HOTMAIL_RVCD | no description |
| FSL_HELO_BARE_IP_1 | no description |
| FSL_HELO_BARE_IP_2 | helo from bare ip address of untrusted external server |
| FSL_HELO_DEVICE | no description |
| FSL_HELO_NON_FQDN_1 | no description |
| FSL_HELO_SETUP | no description |
| FSL_INTERIA_ABUSE | no description |
| FSL_NEW_HELO_USER | Spam's using Helo and User |
+-----------------------+--------------------------------------------------------+
9 rows in set (0.00 sec)

Found this one, somehow it is obsolete now, but it was active viewtopic.php?t=1252
FSL_BULK_SIG Bulk signature with no Unsubscribe
https://svn.apache.org/repos/asf/spamas ... nontest.cf

To fix this, altough its a never ending story, you can add a description.cf file in /etc/mail/spamassassin

[root@sansspam spamassassin]# cat /etc/mail/spamassassin/descriptions.cf
# set some descriptions te prevent list in no description found
describe FSL_BULK_SIG no description or what ever name you like
describe RCVD_IN_BRBL_LASTEXT no description
describe FSL_HELO_NON_FQDN_1 no description
describe TVD_EB_PHISH no description
describe KAM_IFRAME no description
etcetc...
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: FSL_BULK_SIG?

Post by pdwalker »

Hi Henk,

Thanks. I worked that all out eventually. I was just making sure there wasn't another directory, other than those two, that define spamassassin rules.

Also, I assumed the rule sets wouldn't change so much - but apparently they do.
Post Reply