Chapter 3. SpamAssassin Rules
SpamAssassin performs its spam-checking by applying a series of tests to an email message. Most tests examine the message headers or body for patterns that are suggestive of spam; others perform Internet lookups against network-based blacklists of IP addresses or checksums of spam messages. Each positive test yields a score, and the sum of the scores is the total spam score of the message.
This chapter describes the SpamAssassin pattern-based and network-based tests: how they are written and scored, and how you can modify the score of a built-in test or write your own custom tests. This chapter also covers whitelist and blacklist rules, which can override SpamAssassinâs usual determination of whether or not a message is spam.
The tests described in this chapter are all static testsâthey donât change over time as SpamAssassin analyzes messages. Chapter 4 explains learning tests, which use information from messages seen in the past to improve decisions in the future.
The Anatomy of a Test
Most SpamAssassin tests consist of the same basic components:
A test name, consisting of up to 22 uppercase letters, numbers, or underscores. Names that begin
T_refer to rules in testing.A more verbose description of the test, which is used in the reports generated by SpamAssassin. Typically, descriptions are up to 50 characters long.
An indication of where to look. Tests can be applied to the message headers only, the message body only, uniform resource identifiers ...
Get SpamAssassin now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
