spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sha...@shanew.net
Subject Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Date Tue, 20 Oct 2015 16:13:59 GMT
I've got 3.4.1 installed and sa-update runs regularly.

Unlike Larry (and others) I DO want to block the vast majority of the
new tlds, because we see nothing but spam from them (and my users tend
toward the more false-positives than false-negatives side of the
spectrum).  Rather than maintain a list of all the problematic tlds,
I'd rather have a blanket block rule with the ability whitelist the
handful that might be legit.

Is anyone doing anything like this (perhaps as a plugin)?


On Tue, 20 Oct 2015, Kevin A. McGrail wrote:

> If you have 3.4.1 and use sa-update then we add new tlds to a rule file that
> is then parsed.
> 
> This does not block those tlds. It let's the engine recognize the urls for
> further rules.
> 
> If you have a tld that is missed and you are using 3.4.1 with sa-update, let
> us know.
> Regards,
> KAM
> 
> On October 14, 2015 3:37:58 PM PDT, shanew@shanew.net wrote:
> 
> On Tue, 13 Oct 2015, Kevin A. McGrail wrote:
>  At the end of the day, if you are having problems with new TLDs, ONE soluti
> on
>  is to use something that uses SA 3.4.1 and has sa-update configured so you
>  get updates with said new TLDs.
> I think maybe people are confused about how exactly this change helps
> them get rid of all the spam that's coming from the "new" TLDs.
> So, in other words, having just updated to 3.4.1, how does one go from
> having a list of all the new TLDs that can now be nicely maintained
> with sa-update to getting rules which actually score against the vast
> majority of the new TLDs (since most of them seem to be 99.99% spam)?
> I had created a local rule before moving to 3.4.1 that looks for new
> TLDs in the Received, From and EnvelopeFrom
> headers, but it was
> obvious that this wasn't going to scale well.  Did the new system in
> 3.4.1 make this easier for me to do, or did it just make it possible
> for new TLDs to be handed off to RBLs and the like (not that that's
> not a major win)?
> Any elaboration (or a pointer to documentation (not the man page))
> would be greatly appreciated.
> 
> 
>

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew

Mime
View raw message