I was looking at my spamassassin rule hits report, looking for rules without rule descriptions when I found the following rule with no description: FSL_BULK_SIG
I've grepped in /var/lib/spamassassin and /etc/mail/spamassassin but I am unable to find where this rule is defined.
Can anyone help me find out where spamassassin is finding this rule?
Or could it possibly be a rule that only appeared in the spamassassin config files for a short period of time?
I'm a bit puzzled by this and would like to track the reason down.
FSL_BULK_SIG?
Re: FSL_BULK_SIG?
The SpamAssassin Rule Hits are calculated from the mailscanner maillog table.
Code:
select count(*) as howmany from mailscanner.maillog where spamreport like '%FSL_BULK_SIG%' ;
+---------+
| howmany |
+---------+
|     115 |
+---------+
1 row in set (0.02 sec)
This table keeps records for quite a long time, to be able to generate stats. So deprecated rules will be there till housekeeping removes these records.
The scores are set with each update, all FSL scores are set in: /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf
Code:
grep -irHn 'FSL_' /var/lib/spamassassin/3.004001/updates_spamassassin_org
The current active rules:
Code:
select * from sa_rules where rule like 'FSL%';
+-----------------------+--------------------------------------------------------+
| rule                  | rule_desc                                              |
+-----------------------+--------------------------------------------------------+
| FSL_CTYPE_WIN1251     | Content-Type only seen in 419 spam                     |
| FSL_FAKE_HOTMAIL_RVCD | no description                                         |
| FSL_HELO_BARE_IP_1    | no description                                         |
| FSL_HELO_BARE_IP_2    | helo from bare ip address of untrusted external server |
| FSL_HELO_DEVICE       | no description                                         |
| FSL_HELO_NON_FQDN_1   | no description                                         |
| FSL_HELO_SETUP        | no description                                         |
| FSL_INTERIA_ABUSE     | no description                                         |
| FSL_NEW_HELO_USER     | Spam's using Helo and User                             |
+-----------------------+--------------------------------------------------------+
9 rows in set (0.00 sec)
Found this one, somehow it is obsolete now, but it was active: viewtopic.php?t=1252
FSL_BULK_SIG Bulk signature with no Unsubscribe
https://svn.apache.org/repos/asf/spamas ... nontest.cf
To fix this, although it's a never-ending story, you can add a description.cf file in /etc/mail/spamassassin
[root@sansspam spamassassin]# cat /etc/mail/spamassassin/descriptions.cf
# set some descriptions to prevent list in no description found
describe FSL_BULK_SIG no description or what ever name you like
describe RCVD_IN_BRBL_LASTEXT no description
describe FSL_HELO_NON_FQDN_1 no description
describe TVD_EB_PHISH no description
describe KAM_IFRAME no description
etc. etc...
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
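The check discussed in this thread, as an added Python example that is not code from any poster or from SpamAssassin: given rule names that still show up in old reports, it scans rule directories for rule definitions and `describe` lines, flags names that are no longer defined, and lists the `describe` lines a local descriptions.cf would need. The function names, the sample files and their contents are constructed for illustration, and the keyword set covers only the common test types.

```python
import tempfile
from pathlib import Path

# Keywords that start a test definition in SpamAssassin .cf syntax (common types only).
DEFINE = {"header", "body", "rawbody", "full", "uri", "meta", "mimeheader"}

def scan_rule_dirs(dirs):
    """Return (defined, described): rule names found in all *.cf files under dirs."""
    defined, described = set(), set()
    for d in dirs:
        for cf in sorted(Path(d).rglob("*.cf")):
            for line in cf.read_text(errors="replace").splitlines():
                parts = line.split("#", 1)[0].split()  # drop trailing comments
                if len(parts) < 2:
                    continue
                if parts[0] in DEFINE:
                    defined.add(parts[1])
                elif parts[0] == "describe":
                    described.add(parts[1])
    return defined, described

def classify(seen_rules, dirs):
    """Status of each rule seen in reports, plus describe lines still missing."""
    defined, described = scan_rule_dirs(dirs)
    status = {}
    for rule in sorted(set(seen_rules)):
        if rule not in defined:
            status[rule] = "not defined"       # a score line alone is not a definition
        elif rule in described:
            status[rule] = "described"
        else:
            status[rule] = "no description"
    todo = [f"describe {r} no description" for r in status if r not in described]
    return status, todo

def demo():
    """Run against constructed sample files (not real rule-update content)."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample_rules.cf").write_text(
            "header FSL_HELO_DEVICE X-Test =~ /x/  # constructed\n"
            "header FSL_CTYPE_WIN1251 Content-Type =~ /1251/\n"
            "describe FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam\n")
        Path(tmp, "sample_scores.cf").write_text("score FSL_HELO_DEVICE 0.1\n")
        seen = ["FSL_BULK_SIG", "FSL_HELO_DEVICE", "FSL_CTYPE_WIN1251"]
        return classify(seen, [tmp])

if __name__ == "__main__":
    status, todo = demo()
    print(status, *todo, sep="\n")
```

On a real host, pass the rule directories named in the thread to `classify` together with the rule names taken from the reports.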
Re: FSL_BULK_SIG?
Hi Henk,
Thanks. I worked that all out eventually. I was just making sure there wasn't another directory, other than those two, that define spamassassin rules.
Also, I assumed the rule sets wouldn't change so much - but apparently they do.