wiki:RecommendedRuleSets

Version 6 (modified by rjl, 13 years ago) (diff)

--

Recommended Rulesets for RulesDuJour

For SpamAssassin versions 2.50 to 2.64:

TRUSTED_RULESETS="SARE_REDIRECT SARE_EVILNUMBERS0 SARE_BAYES_POISON_NXM SARE_HTML SARE_HEADER SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ SARE_UNSUB SARE_URI0 SARE_OBFU0";

For SpamAssassin versions 3.0 and later:

TRUSTED_RULESETS="SARE_REDIRECT_POST300 SARE_EVILNUMBERS0 SARE_BAYES_POISON_NXM SARE_HTML SARE_HEADER SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ SARE_UNSUB SARE_URI0 SARE_OBFU0";

In general, note that some of the SARE rules are available in varying levels of risk, where lower numbers are more conservative and higher numbers are more likely to produce false positives. For example, the SARE_GENLSUBJ rules are available in five levels (SARE_GENLSUBJ0, SARE_GENLSUBJ1, SARE_GENLSUBJ2, SARE_GENLSUBJ3, and SARE_GENLSUBJ4). Specifying just "SARE_GENLSUBJ" gets levels 0-3, but not 4. If you want to be more conservative, just get SARE_GENLSUBJ0; if you decide that's not aggressive enough, add SARE_GENLSUBJ1, and so on until you find the level that works best for your needs.

Don't use the BLACKLIST or BLACKLIST_URI rulesets--they take up a huge amount of memory, and they're practically obsolete now that the SA blacklist has been moved to a SURBL lookup. The only circumstance I can think of for using ruleset-based (i.e. static) blacklists/whitelists is when you're not doing any network tests at all--no DNSBL lookups, no SPF, no DomainKeys, no Razor/Pyzor?/DCC/SpamCop. Doing it that way saves you from network delays (latency), but of course deprives you of many very useful sources of information. A static whitelist/blacklist file can be useful in that scenario, provided you keep it up to date.


Back to FAQ