You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by ryefish <ev...@ryefish.com> on 2009/06/03 09:48:15 UTC
best way to mark TLDs as spam
Hello: I am attempting to configure SA to mark as spam all email from
Top-Level-Domains other than .com, .net, and .edu.
I have found three possible ways to do this. Which if any is the preferred
method:
1) blacklisting in local.cf:
add blacklist_from *.info, blacklist_from *.tv, blacklist_from *.fr, ...
requires 1 entry per undesired TLD, including one for each country
2) tweak the scores of existing rules in local.cf:
set custom scores for existing rules
requires knowing exactly which rules to set the custom score for
3) Create custom rule:
design a custom rule that sets score to 5 where FROM: NOT=.com|.net|.org
4) Some other way:
is there an easiery or more established solution to this?
TIA for any assistance you can provide,
Tim
--
View this message in context: http://www.nabble.com/best-way-to-mark-TLDs-as-spam-tp23847030p23847030.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: best way to mark TLDs as spam
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote:
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
> I have found three possible ways to do this. Which if any is the preferred
> method:
So that's why you use Nabble. You want my help, you don't want my mail.
If I'd where to implement this, I'd use the following easy, yet highly
effective config. Let me paste it...
X-Spam-Status: YES, score=1000.0 required=5.0 tests=BAYES_00,BANNED_TLD
autolearn=yes version=3.1.9
X-Spam-Reason: Mis-configuration on ryefish.com identified spam from
banned ccTLD de. Reminder of the mail suppressed.
Re: best way to mark TLDs as spam
Posted by ram <ra...@netcore.co.in>.
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote:
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
> I have found three possible ways to do this. Which if any is the preferred
> method:
>
> 1) blacklisting in local.cf:
> add blacklist_from *.info, blacklist_from *.tv, blacklist_from *.fr, ...
> requires 1 entry per undesired TLD, including one for each country
>
> 2) tweak the scores of existing rules in local.cf:
> set custom scores for existing rules
> requires knowing exactly which rules to set the custom score for
>
> 3) Create custom rule:
> design a custom rule that sets score to 5 where FROM: NOT=.com|.net|.org
>
> 4) Some other way:
> is there an easiery or more established solution to this?
>
> TIA for any assistance you can provide,
> Tim
Why dont you block at the MTA ( much before the mail goes to SA )
If you use postfix
look for "check_sender_address"
I personally would never block an entire TLD , anyway your server your
rules
Re: best way to mark TLDs as spam
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2009-06-03 at 10:35 +0100, Martin Gregorie wrote:
> On Wed, 2009-06-03 at 00:48 -0700, an anonymous Nabble user wrote:
> > Hello: I am attempting to configure SA to mark as spam all email from
> > Top-Level-Domains other than .com, .net, and .edu.
> > I have found three possible ways to do this. Which if any is the preferred
> > method:
None of which is the preferred method. The whole concept is bound to
fail miserably in the first place.
> > 3) Create custom rule:
> > design a custom rule that sets score to 5 where FROM: NOT=.com|.net|.org
>
> IMO this is the easiest to implement.
Yep, that's quite trivial. And you easily can adjust the score for the
custom rule. Read, keep it *low*, so good mail at least got a chance to
reach you. Keep in mind that the option (1) triggers USER_IN_BLACKLIST,
worth a score of 100.
> However, whatever implementation you use is highly unlikely to do
> whatever you're trying to achieve. TLD assignments are far too widely
> misused and have too many widely held misconceptions to be a useful
> filter.
Yeah, I seriously don't think it will do what the OP wants. He
effectively does not want my mail. Neither Martin's reply. But obviously
he wants all the crap sent from freemail addresses, like gmail.
There are perfectly legitimate reasons to use a ccTLD indeed.
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: best way to mark TLDs as spam
Posted by Martin Gregorie <ma...@gregorie.org>.
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote:
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
> I have found three possible ways to do this. Which if any is the preferred
> method:
>
> 3) Create custom rule:
> design a custom rule that sets score to 5 where FROM: NOT=.com|.net|.org
>
IMO this is the easiest to implement.
However, whatever implementation you use is highly unlikely to do
whatever you're trying to achieve. TLD assignments are far too widely
misused and have too many widely held misconceptions to be a useful
filter.
Martin
Re: best way to mark TLDs as spam
Posted by RW <rw...@googlemail.com>.
On Wed, 03 Jun 2009 11:28:59 -0400
Adam Katz <an...@khopis.com> wrote:
> The other is RelayCountry, which you'll have to enable in init.pre,
> which lets you discriminate against countries rather than just their
> domain names.
>
> This discrimination is unfair and quite prone to biting back at you,
> for example when you can't get mail from a legitimate contact in Hong
> Kong or a hotel in Paris.
RelayCountry can be very powerful if it's personalized, and sensibly
scored. In my case mail that passes through a country that doesn't
routinely send me ham scores 2 points, unless it's in my "axis-of-evil"
list, in which case it scores 4. About 90% of my spam hits one of these
and about 30% hits the higher level (obviously I don't score mailing
list addresses like this). Legitimate emails occasionally pick-up 2
points, I've never seen it cause an FP. For me it's comparable with
BAYES or URIBL lists, and it's very hard for spammers to get around it.
It seems sensible that some countries should be scored at least
enough so that BAYES_99 puts their spam over the threshold.
Re: best way to mark TLDs as spam
Posted by Adam Katz <an...@khopis.com>.
ryefish wrote:
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
What about .org, .us, .ca, .co.uk, and all the others that you have no
good reason to filter?
Usually, when I see this kind of reasoning, it's resulting from
frustration regarding all that foreign-originating spam. There are
two preferable ways to do this.
First, the only one I would consider, is ok_locales and ok_languages
(from the TextCat plugin, which you'll have to enable in v310.pre).
This will knock out all foreign language and foreign character-set
mail, erring on the side of false negatives.
The other is RelayCountry, which you'll have to enable in init.pre,
which lets you discriminate against countries rather than just their
domain names.
This discrimination is unfair and quite prone to biting back at you,
for example when you can't get mail from a legitimate contact in Hong
Kong or a hotel in Paris. Far safer to go after the foreign language.
RE: best way to mark TLDs as spam
Posted by Giampaolo Tomassoni <g....@libero.it>.
> -----Original Message-----
> From: Maurice Lucas - TAOS-IT [mailto:mslucas@taos-it.nl]
> Sent: Wednesday, June 03, 2009 5:06 PM
> To: ryefish; users@spamassassin.apache.org
> Subject: RE: best way to mark TLDs as spam
>
> > Hello: I am attempting to configure SA to mark as spam all email from
> > Top-Level-Domains other than .com, .net, and .edu.
> > I have found three possible ways to do this. Which if any is the
> > preferred
> > method:
> >
> > ...omissis...
> >
> > TIA for any assistance you can provide,
> >
>
> I really want to help you but I'm sorry you don't want my answer
>
> Sorry *.nl user.
> Better luck in your next life ;)
>
> With kind regards,
> met vriendelijke groet,
>
> Maurice Lucas
Also, he/she doesn't seem to need SA at all...
A .it, .eu and (brrr!) .biz user.
> TAOS-IT
> ………………………………………………………………....
> Paulus Buijsstraat 191
> 2613 HR Delft
> www.taos-it.nl
> KvK Haaglanden nr. 27254410
>
> Denk aan het milieu; is het afdrukken van deze e-mail echt
> noodzakelijk?
RE: best way to mark TLDs as spam
Posted by Maurice Lucas - TAOS-IT <ms...@taos-it.nl>.
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
> I have found three possible ways to do this. Which if any is the
> preferred
> method:
>
> 1) blacklisting in local.cf:
> add blacklist_from *.info, blacklist_from *.tv, blacklist_from *.fr,
> ...
> requires 1 entry per undesired TLD, including one for each country
>
> 2) tweak the scores of existing rules in local.cf:
> set custom scores for existing rules
> requires knowing exactly which rules to set the custom score for
>
> 3) Create custom rule:
> design a custom rule that sets score to 5 where FROM:
> NOT=.com|.net|.org
>
> 4) Some other way:
> is there an easiery or more established solution to this?
>
> TIA for any assistance you can provide,
>
I really want to help you but I'm sorry you don't want my answer
Sorry *.nl user.
Better luck in your next life ;)
With kind regards,
met vriendelijke groet,
Maurice Lucas
TAOS-IT
………………………………………………………………....
Paulus Buijsstraat 191
2613 HR Delft
www.taos-it.nl
KvK Haaglanden nr. 27254410
Denk aan het milieu; is het afdrukken van deze e-mail echt noodzakelijk?