{"id":103,"date":"2008-01-25T18:36:40","date_gmt":"2008-01-25T16:36:40","guid":{"rendered":"http:\/\/michauko.org\/blog\/2008\/01\/25\/spamassassin-se-creer-une-regle-de-detection-specifique\/"},"modified":"2015-04-16T10:32:45","modified_gmt":"2015-04-16T09:32:45","slug":"spamassassin-se-creer-une-regle-de-detection-specifique","status":"publish","type":"post","link":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/","title":{"rendered":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique"},"content":{"rendered":"

Malgr\u00e9 des r\u00e8gles assez sympathiques (voyez ma doc Debian<\/a> (encore ? oui oui) pour les mettre en place), il arrive que certains spams ne soient pas reconnus. Si vous avez envie d’\u00e9crire une r\u00e8gle hyper compliqu\u00e9e ou simplement une petite r\u00e8gle car vous avez d\u00e9tect\u00e9 qu’un serveur relai bien moisi \u00e9tait \u00e0 l’origine de cela, voici une mini-introduction pour le faire.<\/p>\n

Tout d’abord, lisez la doc officielle de SpamAssassin sur le sujet<\/a>, c’est la bible. Ensuite, voici un cas simple, concret, bas\u00e9 sur un header<\/em> particulier, le champ \"Received\"<\/code>. Je cherche \u00e0 voir si le mail spammeux non d\u00e9tect\u00e9 est pass\u00e9 par le serveur \u00ab\u00a0gaoland.net\u00a0\u00bb, apparement un \u00ab\u00a0probl\u00e8me connu\u00a0\u00bb (voyez sur Google).<\/p>\n

J’ai donc cr\u00e9\u00e9 un fichier \/etc\/spamassassin\/mes_regles.cf<\/code> contenant :<\/p>\n

header   PERSO_GAOLAND Received =~ \/gaoland\\.net\/i\r\ndescribe PERSO_GAOLAND Relaye par gaoland.net, on soup\u00e7onne fortement\r\nscore    PERSO_GAOLAND 4.0<\/pre>\n
J’ai simplement fait ajouter 4 points car ce spam non reconnu marquait d\u00e9j\u00e0 4.5 ou 4.9 – je ne sais plus – pour motif \u00ab\u00a0Bayesian spam probability is 99 to 100%\u00a0\u00bb, mon seuil de d\u00e9tection \u00e9tant \u00e0 5.<\/p>\n
Pour faire un test de votre configuration, vous pouvez vous cr\u00e9er une r\u00e8gle de ce genre :<\/p>\n
body     MESREGLES_TEST   \/je teste mon spam\/\r\nscore    MESREGLES_TEST   5.1<\/pre>\n
…et vous envoyer un e-mail depuis une adresse non whitelist\u00e9e<\/em> (oui oui j’ai fait cette erreur \ud83d\ude09 contenant dans le corps du message (BODY) la phrase \u00ab\u00a0je teste mon spam\u00a0\u00bb. Vous devriez alors voir un joli :<\/p>\n
Spam detection software, running on the system \"monserveur.com\", has\r\nidentified this incoming email as possible spam.  The original message\r\nhas been attached to this so you can view it (if it isn't spam) or label\r\nsimilar future email.  If you have any questions, see\r\nthe administrator of that system for details.\r\n\r\nContent preview:  bliblablo je teste mon spam blabslqj [...] \r\n\r\nContent analysis details:   (5.1 points, 5.0 required)\r\n\r\n pts rule name              description\r\n---- ---------------------- --------------------------------------------------\r\n 5.1 MESREGLES_TEST             BODY: MESREGLES_TEST\r\n 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%\r\n                            [score: 0.4978]\r\n 0.0 AWL                    AWL: From: address is in the auto white-list<\/pre>\n
Et voilou<\/p>\n","protected":false},"excerpt":{"rendered":"
Malgr\u00e9 des r\u00e8gles assez sympathiques (voyez ma doc Debian (encore ? oui oui) pour les mettre en place), il arrive que certains spams ne soient pas reconnus. Si vous avez envie d’\u00e9crire une r\u00e8gle hyper …<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,385,82],"tags":[137,13,136,14,138,11,12],"class_list":["post-103","post","type-post","status-publish","format-standard","hentry","category-debian","category-mails","category-pl","tag-anti-spam","tag-gaolandnet","tag-regle","tag-rule","tag-rulesemporium","tag-spam","tag-spamassassin"],"yoast_head":"\nSpamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko\" \/>\n<meta property=\"og:description\" content=\"Malgr\u00e9 des r\u00e8gles assez sympathiques (voyez ma doc Debian (encore ? oui oui) pour les mettre en place), il arrive que certains spams ne soient pas reconnus. Si vous avez envie d’\u00e9crire une r\u00e8gle hyper …\" \/>\n<meta property=\"og:url\" content=\"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/\" \/>\n<meta property=\"og:site_name\" content=\"Le blog de Michauko\" \/>\n<meta property=\"article:published_time\" content=\"2008-01-25T16:36:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-04-16T09:32:45+00:00\" \/>\n<meta name=\"author\" content=\"michauko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"michauko\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/\"},\"author\":{\"name\":\"michauko\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"headline\":\"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique\",\"datePublished\":\"2008-01-25T16:36:40+00:00\",\"dateModified\":\"2015-04-16T09:32:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/\"},\"wordCount\":231,\"commentCount\":6,\"keywords\":[\"anti-spam\",\"gaoland.net\",\"r\u00e8gle\",\"rule\",\"rulesemporium\",\"spam\",\"spamassassin\"],\"articleSection\":[\"Debian\",\"mails\",\"planet-libre.org\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/\",\"name\":\"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\"},\"datePublished\":\"2008-01-25T16:36:40+00:00\",\"dateModified\":\"2015-04-16T09:32:45+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/spamassassin-se-creer-une-regle-de-detection-specifique-103\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\",\"name\":\"Le blog de Michauko\",\"description\":\"Si tu ne comprends pas le titre de l'article, passe ton chemin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/michauko.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\",\"name\":\"michauko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"caption\":\"michauko\"},\"sameAs\":[\"http:\\\/\\\/michauko.org\\\/\"],\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/author\\\/randomized2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/","og_locale":"fr_FR","og_type":"article","og_title":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko","og_description":"Malgr\u00e9 des r\u00e8gles assez sympathiques (voyez ma doc Debian (encore ? oui oui) pour les mettre en place), il arrive que certains spams ne soient pas reconnus. Si vous avez envie d’\u00e9crire une r\u00e8gle hyper …","og_url":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/","og_site_name":"Le blog de Michauko","article_published_time":"2008-01-25T16:36:40+00:00","article_modified_time":"2015-04-16T09:32:45+00:00","author":"michauko","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"michauko","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/#article","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/"},"author":{"name":"michauko","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"headline":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique","datePublished":"2008-01-25T16:36:40+00:00","dateModified":"2015-04-16T09:32:45+00:00","mainEntityOfPage":{"@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/"},"wordCount":231,"commentCount":6,"keywords":["anti-spam","gaoland.net","r\u00e8gle","rule","rulesemporium","spam","spamassassin"],"articleSection":["Debian","mails","planet-libre.org"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/","url":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/","name":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique - Le blog de Michauko","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/#website"},"datePublished":"2008-01-25T16:36:40+00:00","dateModified":"2015-04-16T09:32:45+00:00","author":{"@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"breadcrumb":{"@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/michauko.org\/blog\/spamassassin-se-creer-une-regle-de-detection-specifique-103\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/michauko.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Spamassassin : se cr\u00e9er une r\u00e8gle de d\u00e9tection sp\u00e9cifique"}]},{"@type":"WebSite","@id":"https:\/\/michauko.org\/blog\/#website","url":"https:\/\/michauko.org\/blog\/","name":"Le blog de Michauko","description":"Si tu ne comprends pas le titre de l'article, passe ton chemin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/michauko.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9","name":"michauko","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","caption":"michauko"},"sameAs":["http:\/\/michauko.org\/"],"url":"https:\/\/michauko.org\/blog\/author\/randomized2\/"}]}},"_links":{"self":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/comments?post=103"}],"version-history":[{"count":3,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/103\/revisions"}],"predecessor-version":[{"id":1683,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/103\/revisions\/1683"}],"wp:attachment":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media?parent=103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/categories?post=103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/tags?post=103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}