Effective image spam strategy
I've found the imageinfo Spamassassin plugin to be highly effective in flagging almost all of those insidious image spam emails.
For those who may be unfamiliar, here's how to install it.
- Shell into your Spamassassin directory (mine is located here: /etc/mail/spamassassin)
- type: wget
http://www.rulesemporium.com/plugins/ImageInfo.pm
- type: wget
http://www.rulesemporium.com/plugins/imageinfo.cf
(This downloads the ImageInfo.pm and imageinfo.cf files from the excellent Rules Emporium site.)
- Next, you'll need to edit the Spamassassin initialization file, init.pre, located in your spamasassin directory, so:
type: edit init.pre (or use your editor of choice) and add the following:
loadplugin Mail::SpamAssassin::Plugin::ImageInfo /etc/mail/spamassassin/ImageInfo.pm
You'll need to change the path to ImageInfo.pm if yours is located somewhere else, and be sure this statement is on a single line.
To finish, you'll want to restart EXIM. (If you run the fine MailScanner software from the ConfigServer folks, be sure to restart it as well.)
Further info: Depending on your particular SpamAssassin scoring scheme, you may wish to tweak some of the imageinfo scores. I bumped up the score for DC_IMG_HTML_RATIO and DC_IMG_TEXT_RATIO to 1.25 from their default 1.0
To add a custom score like this, you simply add the following to your local.cf file
score DC_IMG_HTML_RATIO 1.25
score DC_IMG_TEXT_RATIO 1.25
Oh, and I gather you're already running one of more RBLs ... but you'll also want to use RAZOR (
http://razor.sourceforge.net/) which is already part of the MailScanner package available here:
http://www.configserver.com/
Finally, if anyone is interested, I'd be happy to share my other SpamAssassin scoring tweaks ... but you'll find using imageinfo a wonderful weapon on its own.
Now if we could only educate the public to never, EVER, buy from spammers ... sigh.
Good luck! -- Bill
