iXhash.pm is a plugin for SpamAssassin 3.1.0 and up. A version compatible with SpamAssassin 3.0 is provided as well.
Basically the plugin provides a network-based test, just as razor2, pyzor and DCC do. Working solely on the body of an email, it removes parts of it and computes a hash value from the rest. These values will then be looked up via DNS using the domains given in the config file(s). You need Net::DNS and Digest::MD5 installed.
Please note that, while this plugin realises some sort of 'fuzzy checksum', the fuzzyness is realised by reducing the body text of an email to its (characteristic) minumum. The MD5 hashing algorithm used is not fuzzy. Accordingly there are no 'confidence levels' or things of that sort. It's hit or no hit.
For those more deeply interested: This plugin is based on parts of the procmail-based project 'NiX Spam', developed by Bert Ungerer.(un@ix.de) If you can read German, read up at http://www.heise.de/ix/nixspam/. The procmail code producing the hashes only can be found here: ftp://ftp.ix.de/pub/ix/ix_listings/2004/05/checksumsNeeds a good discription of this plugin here.
Instructions
The top file is ixhash.cf - an example config file
The middle file 'ixhash.pm' is the current version, use this with SA 3.1.x
The bottom file is 'ixhash_v300.pm', use this if you run SA 3.0.x.
- copy paste the bottom half either 'ixhash.pm' or 'ixhash_v300.pm' into a file called ixhash.pm, depending on the SA version you plan to use the plugin with. 2. copy-paste the top half into a file called "ixhash.cf" 3. place ixhash.pm somewhere that is global r/x - like /etc/mail/spamassassin 4. edit the first line of ixhash.cf cf (loadplugin) to reflect where ixhash.pm is. 5. if you have to use the ixhash_v300.pm version, delete/comment the 'ixhash_timeout' line. This feature is not available with your version 6. copy ixhash.cf into /etc/mail/spamassasssin 7. run 'spamassassin -D < /some/mail/message', where '/some/mail/message' is a file containing an email. The copious output (on STDERR) should contain some occurences of 'IXHASH', showing you the plugin is being used. 8. restart spamd/amavisd/whateverDaemonUsesSpamAssassin
ixhash.cf
No Format |
---|
loadplugin Mail::SpamAssassin::Plugin::iXhash /path/to/iXhash.pm # This makes DNS queries time out after 10 seconds (2x default) ixhash_timeout 10 # This list uses iX Magazine's spam as datasource. body IXHASH eval:ixhashtest('ix.dnsbl.manitu.net') describe IXHASH This mail has been classified as spam @ iX Magazine, Germany tflags IXHASH net score IXHASH 1.5 # This list comes in @ spamtraps run by LogIn & Solutions AG, Germany # Manually verified stuff body LOGINHASH1 eval:ixhashtest('nospam.login-solutions.de') describe LOGINHASH1 mail has been classified as spam @ LogIn&Solutions AG, Germany tflags LOGINHASH1 net score LOGINHASH1 1.5 # This list contains hashes from Mails classified as spam at a larger company based in Germany # Lots of stuff, but automatically categorized and contributed body LOGINHASH2 eval:ixhashtest('nospam.login-solutions.ag') describe LOGINHASH2 mail has been classified as spam @ unknown company, Germany tflags LOGINHASH2 net score LOGINHASH2 1.5 |
...