So I’ve been getting a ton of Stock SPAM which is driving me nuts. The SPAM has been scoring real low, so it get’s through my default cutoff level of 3. I’m currently using a nice virtualmail setup consisting of postfix, courier-imapd, spamassassin, clamd and amavisd-new tying it all together. The setup has been running perfectly for a couple of years now, but the last two months or so, I’ve been seeing an abnormal amount of SPAM coming through including Stock and graphical SPAM (fuzzy-ocr will be introduced soon).

So I’ve been getting a ton of Stock SPAM which is driving me nuts. The SPAM has been scoring real low, so it get’s through my default cutoff level of 3. I’m currently using a nice virtualmail setup consisting of postfix, courier-imapd, spamassassin, clamd and amavisd-new tying it all together. The setup has been running perfectly for a couple of years now, but the last two months or so, I’ve been seeing an abnormal amount of SPAM coming through including Stock and graphical SPAM (fuzzy-ocr will be introduced soon).

My spamassassin set up has been using the default rules that is bundled with spamassassin (mail-filter/spamassassin-3.1.3). A friend of mine suggested that I visit rulesemporium.com because they have a very effective stock rule. I thought I’d give it a try. I simply used wget to suck the 70_sare_stocks.cf into my /etc/spamassassin/. directory and restarted amavis. Before I did this, I ran some tests. I used a message that got through containing the crappy stock info and sent it to myself. This is a snippet of the message:


We have brought you winner after winner this year and things are only
getting better!

We called it! APWL is up BIG on big volume. We
hope you took a position early and are smiling right
now. If you didn't, not to worry. The big spike is
expected also on Tuesday, November 28. Get in now!


Here is how the SPAM scored:


X-Spam-Score: -0.099
X-Spam-Level:
X-Spam-Status: No, score=-0.099 tagged_above=-999 required=4
tests=[BAYES_00=-2.599, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5]


-0.099.. that’s about as HAM as it can get… hence my anger. I implemented my new SPAM rule and resent the message. Here is the new score:


X-Spam-Score: 2.417
X-Spam-Level: **
X-Spam-Status: No, score=2.417 tagged_above=-999 required=3 tests=[AWL=-0.758,
BAYES_00=-2.599, SARE_LWSHORTT=0.794, SARE_MLB_Stock1=1.66,
SARE_MLB_Stock2=1.66, SARE_PROLOSTOCK_SYM1=1.66]


2.417 is better, but still below my quarantine threshold. Since I’m getting a lot of these, I decided to push the score a bit. I edited /etc/spamassassin/70_sare_stocks.cf and changed 1.66 to 2.66, since it was the MLB stuff it was triggering on. After I did this, my message was nicely stuffed into the quarantine.

I’m planning on working on policy-weightd and fuzzy-ocr next in the near future, and I’ll be sure to write up the how-to.

Good luck!