I am lovin' SpamAssassin. I added a new rule to dump anything with an <a ... > tag. Nobody sends me HTML mail and almost ALL spam has an anchor tag to click on. Works great.
Add this to your local.cf file:

    score HTML_TAG_EXISTS_A 4.0
    body HTML_TAG_EXISTS_A eval:html_tag_exists('a')
    describe HTML_TAG_EXISTS_A HTML has "anchor" tags
What I most love about SpamAssassin is that it's practically non-invasive. It's a Perl script (very portable) that analyzes email headers and content and adds the result of its processing to the email headers. It marks the message up pretty hard core if it thinks it's spam. It's up to another piece of software to look for the spam/ham recommendation and do something with the email.
Example ham headers (non-spam):

    X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on bone.personaltelco.net
    X-Spam-Level:
    X-Spam-Status: No, hits=0.2 required=5.0 tests=SUBJ_HAS_UNIQ_ID autolearn=no version=2.63
Example spam (this didn't even have an A tag):

    Content preview: Want to pay less for your home? Found a home and now you need a mortgage? Find lenders ready to finance your home loan today! [...]
SpamAssassin's analysis:

    Content analysis details: (11.6 points, 5.0 required)

     pts rule name              description
     1.2 FREE_CONSULTATION      BODY: Offers a consultation for nothing
     0.9 BLANK_LINES_70_80      BODY: Message body has 70-80% blank lines
     2.8 MORTGAGE_LINKS         URI: Message has link to mortgage URI
     0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
     1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                                [http://dsbl.org/listing?ip=188.8.131.52]
     2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                                [Blocked - see http://www.spamcop.net/bl.shtml?184.108.40.206]
     2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                                [220.127.116.11 listed in dnsbl.sorbs.net]
     0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                                [18.104.22.168 listed in dnsbl.sorbs.net]
Here is another one:

    Content preview: The Facts... Béfore cóntinuing, lets take a loók at thése sad, but trué facts: The average eréct pénis sizé is just 6.16". Over 90 pércent of all mén pósses this sizé. 85 pércent of all mén
And the analysis:

    Content analysis details: (11.2 points, 5.0 required)

     pts rule name              description
     0.0 HTML_MESSAGE           BODY: HTML included in message
     0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     4.0 HTML_TAG_EXISTS_A      BODY: HTML has "anchor" tags
     0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
     2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                                [Blocked - see http://www.spamcop.net/bl.shtml?22.214.171.124]
     2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                                [126.96.36.199 listed in dnsbl.sorbs.net]
     0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                                [188.8.131.52 listed in dnsbl.sorbs.net]
     1.4 DNS_FROM_RFCI_DSN      RBL: From: sender listed in dsn.rfc-ignorant.org
Once SpamAssassin has had its way with the email, I have procmail dump anything flagged as spam (non-spam is called ham :) into the spam folder.
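From .procmailrc:

    # Filter every message through SpamAssassin (f = filter, w = wait for exit code)
    :0fw: spamassassin.lock
    | /home/donp/.spamassassin/usr/bin/spamassassin

    # File anything SpamAssassin marked as spam into the spam folder
    :0:
    * ^X-Spam-Status: Yes
    mail/spam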
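The "another piece of software" step, written out as an added example (not part of the original post): a Python stand-in for the procmail recipe that reads the X-Spam-Status markup, handles folded headers and both the 2.x hits= and 3.x score= spellings, and only honours a verdict stamped by the expected scanner host. The function names, the "inbox" and "rescan" labels and the forged sample are assumptions made for illustration; the host name is the one from the sample headers above.

```python
import re
from email import message_from_string

TRUSTED_HOST = "bone.personaltelco.net"  # assumption: scanner host from the sample headers

# Constructed samples: the page's ham headers (folded, plus a made-up body) and a forgery.
HAM = (
    "X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on bone.personaltelco.net\n"
    "X-Spam-Level:\n"
    "X-Spam-Status: No, hits=0.2 required=5.0 tests=SUBJ_HAS_UNIQ_ID autolearn=no\n"
    "\tversion=2.63\n"
    "Subject: lunch\n\nsee you at noon\n"
)
FORGED = (
    "X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.example.invalid\n"
    "X-Spam-Status: No, hits=-9.0 required=5.0 tests=NONE\n"
    "Subject: offer\n\nclick here\n"
)

# key=value pairs; a value runs until the next " key=" or the end of the header
PAIR_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)

def parse_status(value):
    """Split an X-Spam-Status value into (is_spam, dict of its key=value fields)."""
    verdict, _, rest = value.partition(",")
    # Folding can put whitespace inside the tests list, so drop it from every value.
    fields = {k: re.sub(r"\s+", "", v) for k, v in PAIR_RE.findall(rest)}
    return verdict.strip().lower() == "yes", fields

def route(raw, trusted_host=TRUSTED_HOST):
    """Return (folder, score, tests); 'rescan' means the markup is not ours."""
    msg = message_from_string(raw)
    status = msg.get_all("X-Spam-Status", [])
    checker = msg.get_all("X-Spam-Checker-Version", [])
    # Require exactly one verdict and one checker line, stamped by our own host.
    # A sender who knows the host name can copy it: consistency check, not authentication.
    if len(status) != 1 or len(checker) != 1:
        return "rescan", None, []
    if not " ".join(checker[0].split()).endswith(" on " + trusted_host):
        return "rescan", None, []
    is_spam, f = parse_status(status[0])
    score = float(f.get("score", f.get("hits", "nan")))  # 3.x: score=, 2.x: hits=
    tests = [t for t in f.get("tests", "").split(",") if t]
    return ("mail/spam" if is_spam else "inbox"), score, tests
```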
To all spammers: Kiss my shiny metal ass!