spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gregorie <>
Subject Re: .link TLD spammer haven?
Date Thu, 23 Oct 2014 21:56:02 GMT
On Thu, 2014-10-23 at 17:20 +0200, Axb wrote:
> As there's a bunch of other new TLDs being abused I would higly recomend 
> updating
> from
> on a Redhat flavour it goes in:
> locate
> /usr/local/share/perl5/Mail/SpamAssassin/Util/
> I updated this file yesterday.
> btw, the file includes instructions so you can update your own file 
> without depending on a SA dev remembering to do it.
Thanks for that. I've now installed it and have been running tests
against my spam corpus to make sure that this subrule:

	uri      __MG_LTD1   /\.link/i

was now working correctly. Its hit all the stuff I thought it should,
but my subrule turned out to be deficient because it will also hit any
URI containing .linkedin, so anybody who has copied it should rewrite
that rule so it looks like this:

	uri      __MG_LTD1   /(\.link$|\.link\/)/i

i.e. it will only match the TLD if it is preceded by a '.' and is
followed by either the end of the URI or '/'. The same will apply to
matching any uri rule that applies a blanket ban to a TLD.

NOTE: this is also insufficiently narrow because it will also match
something like but I'm too tired and
hungry to fix that right now: food calls. 

I've also written a bash script that automates the process of
downloading and installing It has been fairly
carefully tested in the Fedora environment and I think it should work on
almost any other Linux distro because it uses 'locate' to discover where
your system has installed. Apart from the module
name, only the URI needed to retrieve the module is hard coded - and I
chopped that in three (host name, path and module name) partly to allow
reuse of the module name and mostly because I hate script lines that are
longer than 80 characters. Here you go:

====================== start of sa_newtld script ======================
# sa_newtld

if [ "$1" == '-?' ]
   echo "Syntax:   sa_newtld"
   echo "Function: Replace the existing SA"
   echo "          with an updated version."
   echo "Options:  none"
   exit 1
tld=$(locate $mod)
curl -o $mod $src
sudo mv $mod $tld
sudo chown root.root $tld  
echo "Updated $mod!"
======================  end of sa_newtld script  ======================


View raw message