Your local SpamAssassin rules should be stored in a file called /etc/mail/spamassassin/local.cf if you want the rules applied to every user on the system, or ~/.spamassassin/user_pref if you want to have them only apply to your own email. All rules have three components:
- The rule itself
- A 2-5 word description of the rule for SpamAssassin reports (optional),
- A commensurate scoring for the rule if matched
As a simple example, here's a rule that applies against the body of messages that are being filtered:
body NO_VIOXX /vioxx/i
score NO_VIOXX 10
description NO_VIOXX messages that contain the word Vioxx
In this case, any message that contains "Vioxx" (without regard to the mix of upper and lower case, which is what the 'i' accomplishes in the pattern) will be given a score of +10, which might by itself make this an undelivered spam message (it actually depends on what threshold you specify in your (configuration file).
Having shown that, I use rawbody rather than body so that it catches words that appear in HTML formatted messages and messages with base64 or any other encoding scheme. Here are two actual rules from my own SpamAssassin rule set:
rawbody BECAUSE_OPTIN /because you opted-in/i
score BECAUSE_OPTIN 5.0
rawbody DEALSMINUTE /dealsbytheminute/i
score DEALSMINUTE 5.0
The first thing you'll notice is that I don't bother with the description field. I just try to use sufficiently mnemonic rule names.
Don't be fooled into thinking that you can only match rules and have things be more spammy. You can do the opposite instead, as shown here:
header ITS_DEREK ALL =~ /derek\@farmprints.com/i
score ITS_DEREK -100
Finally, you can also reassign the scoring of built-in rules too, by simply restating the score:
score SUBJ_FREE_CAP 4.0score FREE_PREVIEW 4.0
score HTTP_ESCAPED_HOST 4.0
Finally, don't forget to always run the command immediately after editing your configuration file to ensure that you haven't introduced any errors or typos into the rule set.
spamassassin –lint