efa-project.org


https://forum.efa-project.org/

FSL_BULK_SIG?

https://forum.efa-project.org/viewtopic.php?t=2933

Page 1 of 1

FSL_BULK_SIG?

Posted: 29 Jan 2018 05:56
by pdwalker
I was looking at my spamassassin rule hits report, looking for rules without rule descriptions when I found the following rule with no description: FSL_BULK_SIG

I've grepped in /var/lib/spamassassin and /etc/mail/spamassassin but I am unable to find where this rule is defined.

Can anyone help me find out where spamassassin is finding this rule?

Or could it possibly be a rule that only appeared in the spamassassin config files for a short period of time?

I'm a bit puzzled by this and would like to track the reason down.

Re: FSL_BULK_SIG?

Posted: 29 Jan 2018 16:30
by henk
The the SpamAssassin Rule Hits are calculated from the mailscanner maillog table.

Code: Select all

select count(*) as howmany  from mailscanner.maillog where spamreport like '%FSL_BULK_SIG%' ;
+---------+
| howmany |
+---------+
| 115 |
+---------+
1 row in set (0.02 sec)
2018_RuleHits.png
2018_RuleHits.png (5.04 KiB) Viewed 7764 times
This table keeps records for quite a long time, to be able to generate stats. So depricated rules will be there till housekeeping removes these records.

The scores are set with each update, all FSL scores are set in: /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf

Code: Select all

grep -irHn 'FSL_' /var/lib/spamassassin/3.004001/updates_spamassassin_org
The current active rules;

Code: Select all

select * from sa_rules where rule like 'FSL%';
+-----------------------+--------------------------------------------------------+
| rule | rule_desc |
+-----------------------+--------------------------------------------------------+
| FSL_CTYPE_WIN1251 | Content-Type only seen in 419 spam |
| FSL_FAKE_HOTMAIL_RVCD | no description |
| FSL_HELO_BARE_IP_1 | no description |
| FSL_HELO_BARE_IP_2 | helo from bare ip address of untrusted external server |
| FSL_HELO_DEVICE | no description |
| FSL_HELO_NON_FQDN_1 | no description |
| FSL_HELO_SETUP | no description |
| FSL_INTERIA_ABUSE | no description |
| FSL_NEW_HELO_USER | Spam's using Helo and User |
+-----------------------+--------------------------------------------------------+
9 rows in set (0.00 sec)

Found this one, somehow it is obsolete now, but it was active viewtopic.php?t=1252
FSL_BULK_SIG Bulk signature with no Unsubscribe
https://svn.apache.org/repos/asf/spamas ... nontest.cf

To fix this, altough its a never ending story, you can add a description.cf file in /etc/mail/spamassassin

[root@sansspam spamassassin]# cat /etc/mail/spamassassin/descriptions.cf
# set some descriptions te prevent list in no description found
describe FSL_BULK_SIG no description or what ever name you like
describe RCVD_IN_BRBL_LASTEXT no description
describe FSL_HELO_NON_FQDN_1 no description
describe TVD_EB_PHISH no description
describe KAM_IFRAME no description
etcetc...

Re: FSL_BULK_SIG?

Posted: 30 Jan 2018 07:27
by pdwalker
Hi Henk,

Thanks. I worked that all out eventually. I was just making sure there wasn't another directory, other than those two, that define spamassassin rules.

Also, I assumed the rule sets wouldn't change so much - but apparently they do.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited