Posted to users@spamassassin.apache.org by Larry Goldman <lg...@allstarcomputerservices.com> on 2015/10/02 03:53:16 UTC
SpamAssassin Rules Regarding Abuse of New Top Level Domains
From http://spamassassin.apache.org:
> Latest News
>
> 2015-04-30: SpamAssassin 3.4.1 has been released! Highlights include:
>
> improved automation to help combat spammers that are abusing new top level domains;
>
I’m running SpamAssassin on CPanel shared hosting (GoDaddy). For several weeks, I’ve been inundated with spam from various new top-level domains: .date, .win, .faith, .racing. CPanel has options for specifying SpamAssassin rules, but no other configuration files are readily available for modification.
Where is this improved automation documented?
How can I stop the spam from new top level domains?
What (new) rules apply to unknown new top level domains?
How can I test reverse DNS for the sender?
Where is the best documentation for the entire current set of SpamAssassin rules?
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by RW <rw...@googlemail.com>.
On Thu, 1 Oct 2015 18:53:16 -0700
Larry Goldman wrote:
> From http://spamassassin.apache.org:
>
> > Latest News
> >
> > 2015-04-30: SpamAssassin 3.4.1 has been released! Highlights
> > include:
> >
> > improved automation to help combat spammers that are abusing new
> > top level domains;
> >
> I'm running SpamAssassin on CPanel shared hosting (GoDaddy). For
> several weeks, I've been inundated with spam from various new
> top-level domains: .date, .win, .faith, .racing. CPanel has options
> for specifying SpamAssassin rules, but no other configuration files
> are readily available for modification.
Are you sure you can create actual SpamAssassin rules? As opposed to
just adding blacklist_from entries and rescoring existing rules. I don't
see anything on the GoDaddy site to suggest you can, and they are
usually not supported on shared email servers because users may create
pathological rules that hog resources.
If not, all you can do is create blacklist entries like "*.science".
Whilst this will work, it is a hostage to fortune.
IIWY I'd look into whether GoDaddy provides any mechanism for training
SpamAssassin's Bayes component.
> Where is this improved automation documented?
It's not really something that end users need to know about. SA keeps a
list of TLDs that's used for finding domains in the text - mainly so
they can be looked-up in URI blocklists. That list is now distributed
with rule updates instead of as a part of the install.
> How can I stop the spam from new top level domains?
> What (new) rules apply to unknown new top level domains?
I don't think there are any, it's not really SpamAssassin's place to be
making policy decisions like that.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Martin Gregorie <ma...@gregorie.org>.
On Wed, 2015-10-14 at 10:36 -0400, Bill Cole wrote:
> Self-hosting email is feasible if you have a proper business-fit
> Internet connection: static IP, rDNS in your own domain, no filtering
> or DNS hijacking. MacOS X Server isn't a horrible (any more... ) mail
> server and if you're willing to manage it in Terminal, any old Mac
> can take a Postfix installation much like any other Unix-flavored OS
> and use SA via AmavisD (most common) or MIMEDefang (my preference).
> If your own connectivity isn't suited for self-hosting, there are
> specialist MacOS X hosting operations out there.
>
Actually, there *is* one way that a small volume user can run their
own MTA and do it without port forwarding making holes in your
firewall. This is to use getmail to retrieve your mail from your ISP's
smarthost via a POP3 connection and deliver it to your MTA. Outgoing
mail is delivered to your ISP's smarthost by an SMTP connection as
usual. Doing it this way means that it doesn't matter whether you have
a static or dynamic IP because that's invisible to an outsider: they
see their mail going to and coming from the ISP and nothing else.
I've been doing it this way for several years. Points, in order of
incoming mail flow:
- I prefer getmail to the more commonly recommended fetchmail
because it has fewer bugs and doesn't forget to delete mail
it's fetched from the ISP's POP3 mailbox.
The main operational difference is that, while fetchmail is a daemon
which schedules its own POP3 sessions to fetch mail from the ISP's
smarthost, getmail is run as a cron job with a 10-15 minute cycle.
- Both getmail and fetchmail use a script as their mail delivery
agent. The same script works with both programs, so swapping between
them is easy. I filter incoming mail by calling spamc from the MDA
script and pipe spamc's output through a locally written program.
This pipes ham into postfix's sendmail for local delivery to my MTA
and drops spam into a quarantine folder.
- a daily cron job deletes quarantined mail after a week.
- my house server runs Apache as well as Postfix, SA and the getmail
and quarantine cleaning cron jobs. I wrote myself a PHP script for
looking at quarantined mail.
- I use Postfix as my MTA and back-end it with Dovecot to provide a
POP3 service to the MUA on this 'ere laptop.
- My MUA sends outbound mail to my Postfix MTA, which forwards it to my
ISP's smarthost using SMTP.
- Outbound mail follows this path so it will feed into my mail archive,
which hoovers up all non-spam inbound and all outbound mail via an
automatic BCC in Postfix and an overnight cron job which archives all
the mail that gets BCCed to its mailbox. This provides me with a
private, automatic whitelisting service: a personal SA plugin looks
up the senders of inbound mail in the archive: if I've ever sent them
mail, they get whitelisted.
As Bill Cole said, this type of mail system is largely maintenance free
once it's set up and working correctly. Almost the only thing I need to
do to it is to add an SA rule or two if a new form of spam comes along.
All the mail handling programs (getmail, Postfix, Dovecot, Evolution
[my MUA of choice]) are standard packages, so get updated
automatically. The various cron jobs just sit in the background and do
their stuff. I get a daily report on how things are going via logwatch,
so it's easy to keep an eye on how it's all going, how much junk is in
quarantine, etc.
Martin
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 13 Oct 2015, at 15:08, Larry Goldman wrote:
> My experience to date is that GoDaddy doesn’t really support the
> internals of CPanel, and CPanel doesn’t provide end-user customer
> support either.
Cheap is indeed cheap. Skilled individualized MTA & anti-spam support is
NOT cheap.
> I figured I would try to solve the problem myself (with this mailing
> list’s help), or consider hosting my own (OS X) email server so I
> have full control of SA. I’m a Mac OS X house and don’t really
> want to deal with the Exchange-hosted email GoDaddy offers as its only
> alternative.
Self-hosting email is feasible if you have a proper business-fit
Internet connection: static IP, rDNS in your own domain, no filtering or
DNS hijacking. MacOS X Server isn't a horrible (any more... ) mail
server and if you're willing to manage it in Terminal, any old Mac can
take a Postfix installation much like any other Unix-flavored OS and use
SA via AmavisD (most common) or MIMEDefang (my preference). If your own
connectivity isn't suited for self-hosting, there are specialist MacOS X
hosting operations out there.
FWIW, I've been hosting my heavily-spam-targeted personal domain for 20+
years on MacOS, originally on System 7.5 and evolving through many
different MTAs and MacOS versions. That's far from a full-time task, it
takes less work than any of the multiple mail systems on multiple
platforms that I help manage for others who fund my paychecks, and all
together my mail admin toil doesn't constitute most of my work. So
unless you have a large complex mail system (i.e. unfit for cheap
hosting anyway) you're not committing to a new full-time position or a
second full-time job for yourself by self-hosting. It's a substantial
bit of effort to stand up any solid mail system, but not really much to
keep one working well.
> What are DNS “free limits”?
For details, see the URL provided in the URIBL_BLOCKED rule description:
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block and the
specific details at the URIBL page linked from there.
> Since CPanel is a shared-hosting setup, is it obvious that I am using
> a shared DNS server?
I'm unclear on why that would matter or even exactly what you're
asking... CPanel is used to manage virtual and real dedicated private
servers and I know in the past it has been possible to manage an
autonomous DNS server with it, so CPanel doesn't necessarily mean that
you must use a shared DNS server.
The DNSBL's that work on a free-for-some+big-boys-pay business model
don't specifically target shared DNS servers per se, they target large
users and can't readily tell the difference between large single
organizations and providers of shared DNS resolution. However, there are
strong incentives beyond DNSBL blocking of shared DNS for any MTA to
have a caching DNS resolver which is configured with MTA usage in mind
on the same host or at least on the same LAN. DNS performance can be a
bottleneck for MTA operation and an MTA should avoid any use of a
resolver that is actively managed to protect web browsers from
themselves or mask/mitigate external DNS problems in any way.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
My experience to date is that GoDaddy doesn’t really support the internals of CPanel, and CPanel doesn’t provide end-user customer support either.
I figured I would try to solve the problem myself (with this mailing list’s help), or consider hosting my own (OS X) email server so I have full control of SA. I’m a Mac OS X house and don’t really want to deal with the Exchange-hosted email GoDaddy offers as its only alternative.
What are DNS “free limits”? Since CPanel is a shared-hosting setup, is it obvious that I am using a shared DNS server?
> On Oct 13, 2015, at 11:54 AM, Kevin A. McGrail <KM...@PCCC.com> wrote:
>
> On 10/13/2015 2:40 PM, Larry Goldman wrote:
>>
>>> On Oct 13, 2015, at 6:49 AM, Kevin A. McGrail <KMcGrail@PCCC.com <ma...@pccc.com>> wrote:
>>>
>>> On 10/12/2015 2:15 PM, Larry Goldman wrote:
>>>> I’m using the CPanel shared hosting on GoDaddy. Inside there, SpamAssassin is running.
>>> GoDaddy might not be running sa-update or a new enough version of SA to take advantage of the TLD updates we can push centrally.
>>
>> It seems that CPanel is an independent product that GoDaddy serves. It may be that the version of CPanel in use is not using up-to-date SA, which is a problem.
>>
>> How can I determine which version of SA is being used, without terminal access?
> While your answer makes sense that you have a provider using a product that uses SA that introduces a lot of questions about which version of SA and if sa-update is involved, I don't see any hints in the output about what version of SA is involved specifically.
>
> The questions really need to go to goDaddy though I'll admit they are a huge provider so someone else here might know the answer.
>
> I also see this where you are likely using a DNS server that is shared with others and hence you are over the free limits:
>
> 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
> See
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> for more information.
> [URIs: allstarcomputerservices.com <http://allstarcomputerservices.com/>]
>
> Regards,
> KAM
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/13/2015 2:40 PM, Larry Goldman wrote:
>
>> On Oct 13, 2015, at 6:49 AM, Kevin A. McGrail <KMcGrail@PCCC.com
>> <ma...@pccc.com>> wrote:
>>
>> On 10/12/2015 2:15 PM, Larry Goldman wrote:
>>> I’m using the CPanel shared hosting on GoDaddy. Inside there,
>>> SpamAssassin is running.
>> GoDaddy might not be running sa-update or a new enough version of SA
>> to take advantage of the TLD updates we can push centrally.
>
> It seems that CPanel is an independent product that GoDaddy serves. It
> may be that the version of CPanel in use is not using up-to-date SA,
> which is a problem.
>
> How can I determine which version of SA is being used, without
> terminal access?
While your answer makes sense that you have a provider using a product
that uses SA that introduces a lot of questions about which version of
SA and if sa-update is involved, I don't see any hints in the output
about what version of SA is involved specifically.
The questions really need to go to goDaddy though I'll admit they are a
huge provider so someone else here might know the answer.
I also see this where you are likely using a DNS server that is shared
with others and hence you are over the free limits:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: allstarcomputerservices.com
<http://allstarcomputerservices.com>]
Regards,
KAM
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Joe Quinn <jq...@pccc.com>.
On 10/14/2015 12:00 PM, Bill Cole wrote:
>> Describe, in detail, the new SA technology which fights abuse of new
>> TLDs.
>
> Prior to v3.4.1, the mechanism for detecting and parsing hostnames to
> identify body URIs used an embedded array of hardcoded domains in
> Mail/SpamAssassin/Util/RegistrarBoundaries.pm. This resulted in many
> URIs in the new TLDs not being detected and filtered as URIs. In
> v3.4.1 there is the new Mail/SpamAssassin/RegistryBoundaries.pm and
> the file 20_aux_tlds.cf in the canonical rules set which now contains
> a comprehensive maintained list of TLDs and other registry-managed
> domains.
A mention of why the list is even needed:
Most URLs are obvious and of the form
"http://sub.domain.tld/blahblahblah" and easy to detect. However, mail
clients will also accept things like "sub.domain.tld/blahblahblah"
without the protocol. We want to detect as many URLs as possible and
ideally zero non-URLs, because each can turn into multiple DNS lookups.
The list of TLDs gives us a way to eliminate obvious non-URLs, but it
was designed when the worst we had to deal with was 100-ish ccTLDs that
rarely changed. Nowadays it's easy for spammers to buy up garbage
domains like example.bacon / example.click / example.industries, making
an up to date list of TLDs much more important.
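[Added example, not part of the original post and not SpamAssassin's own parser: a simplified Python model of the trade-off described above, where a TLD list decides whether a schemeless token counts as a URL. The TLD sets, the sample body and the rule that scheme-prefixed URLs are always accepted are assumptions of this sketch.]

```python
import re

# Constructed TLD sets (illustrative, not SpamAssassin's real lists): a stale
# hardcoded list versus one that has been refreshed with newer gTLDs.
STALE_TLDS = {"com", "net", "org", "uk", "de"}
CURRENT_TLDS = STALE_TLDS | {"click", "science", "date", "win", "faith", "racing"}

# A candidate is a run of dot-separated labels whose last label starts with a
# letter, optionally preceded by a scheme. The lookbehind skips the domain part
# of e-mail addresses and the tails of longer tokens such as "3.4.1".
CANDIDATE = re.compile(
    r"(?<![\w@.-])"
    r"(?P<scheme>https?://)?"
    r"(?P<host>(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62})"
    r"(?![\w-])",
    re.IGNORECASE,
)


def extract_hosts(text, tlds=None):
    """Return the hosts that would be handed to URI blocklist lookups.

    tlds=None accepts every dotted token (no TLD filtering at all); otherwise
    a schemeless token is kept only when its last label is in the TLD set.
    """
    hosts = []
    for match in CANDIDATE.finditer(text):
        host = match.group("host").lower()
        tld = host.rsplit(".", 1)[1]
        explicit = match.group("scheme") is not None
        if explicit or tlds is None or tld in tlds:
            if host not in hosts:
                hosts.append(host)
    return hosts


# Constructed message body.
SAMPLE_BODY = (
    "Please review report.pdf and config.yaml before Friday. "
    "Details at http://www.example.com/info or visit "
    "deals.example.click/offer today. "
    "Contact bob@example.org about the version 3.4.1 notes."
)

if __name__ == "__main__":
    cases = (
        ("no filter", None),          # file names become DNS lookups
        ("stale list", STALE_TLDS),   # the .click link is never looked up
        ("current list", CURRENT_TLDS),
    )
    for label, tlds in cases:
        print(f"{label:13} -> {extract_hosts(SAMPLE_BODY, tlds)}")
```

With no list, file names such as report.pdf are queried as if they were hosts; with the stale list, the schemeless .click link never reaches a URI blocklist at all.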
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 13 Oct 2015, at 16:04, Larry Goldman wrote:
> Point me to the documentation of the SpamAssassin framework.
You mentioned being a Mac user so in addition to the website Dianne
pointed you to or manually installing from the SA source tarball, you
can get a working installation with all of the embedded documentation
(which is fairly good and complete) via MacPorts (& probably Homebrew as
well) or by shelling out the $29 that Apple is now charging for the
"Server" application package. It is the norm for Perl frameworks to have
embedded 'pod' documentation, so if you have shell access on a box with
SA installed, the docs are just a 'perldoc' command away and often also
have been converted to 'man' pages.
> Where are rules documented?
To the degree that they are (which varies) they are documented in the
rules files themselves, which
> What are the current rules?
The canonical means of getting the current rules files is the
'sa-update' tool, which finds the current mirrors and rules revision
dynamically, downloads the latest released tarball, and verifies their
authenticity using GPG. The basis of the canonical current rule set can
be seen at http://svn.apache.org/viewvc/spamassassin/trunk/rules/ which
can be checked out using Subversion from
http://svn.apache.org/repos/asf/spamassassin/trunk/rules.
> Describe, in detail, the new SA technology which fights abuse of new
> TLDs.
Prior to v3.4.1, the mechanism for detecting and parsing hostnames to
identify body URIs used an embedded array of hardcoded domains in
Mail/SpamAssassin/Util/RegistrarBoundaries.pm. This resulted in many
URIs in the new TLDs not being detected and filtered as URIs. In v3.4.1
there is the new Mail/SpamAssassin/RegistryBoundaries.pm and the file
20_aux_tlds.cf in the canonical rules set which now contains a
comprehensive maintained list of TLDs and other registry-managed
domains.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Paul Stead <pa...@zeninternet.co.uk>.
On 20/10/15 21:10, Axb wrote:
> On 10/20/2015 10:04 PM, RW wrote:
>> On Tue, 20 Oct 2015 13:29:45 -0500 (CDT)
>> shanew@shanew.net wrote:
>>
>>
>>> I already have rules that score for these tlds in received or envelope
>>> from, but I'm getting tired of making the regular expression longer
>>> and longer (in two different places), and I know there's a smarter
>>> way. Whether I'm smart enough to implement that smarter way is
>>> another matter entirely.
>>>
>>> Is there an existing (relatively simple) plugin that behaves similarly
>>> that I could crib from?
>>
>
> or put a choice of wildcarded TLDs in a rbldnsd zone and use a header
> check_rbl_envfrom rule for senders and URIBL.pm plugin lookups
>
Another way to achieve this, without rbldnsd etc, just need to make sure
WLBLEval is enabled:
loadplugin Mail::SpamAssassin::Plugin::WLBLEval
enlist_uri_host (NEWSPAMMY) date
enlist_uri_host (NEWSPAMMY) win
enlist_uri_host (NEWSPAMMY) faith
enlist_uri_host (NEWSPAMMY) racing
These can then be used with eval rules:
To check all URIs:
header PDS_OTHER_BAD_TLD eval:check_uri_host_listed('NEWSPAMMY')
score PDS_OTHER_BAD_TLD 0.1
describe PDS_OTHER_BAD_TLD Other untrustworthy TLDs
if you just want to check From address:
header PDS_OTHER_BAD_TLD eval:check_from_in_list('NEWSPAMMY')
--
Paul Stead
Systems Engineer
Zen Internet
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Axb <ax...@gmail.com>.
On 10/20/2015 10:04 PM, RW wrote:
> On Tue, 20 Oct 2015 13:29:45 -0500 (CDT)
> shanew@shanew.net wrote:
>
>
>> I already have rules that score for these tlds in received or envelope
>> from, but I'm getting tired of making the regular expression longer
>> and longer (in two different places), and I know there's a smarter
>> way. Whether I'm smart enough to implement that smarter way is
>> another matter entirely.
>>
>> Is there an existing (relatively simple) plugin that behaves similarly
>> that I could crib from?
>
> You don't need a plugin, just autogenerate your rules from this:
>
> http://data.iana.org/TLD/tlds-alpha-by-domain.txt
or put a choice of wildcarded TLDs in a rbldnsd zone and use a header
check_rbl_envfrom rule for senders and URIBL.pm plugin lookups
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by RW <rw...@googlemail.com>.
On Tue, 20 Oct 2015 13:29:45 -0500 (CDT)
shanew@shanew.net wrote:
> I already have rules that score for these tlds in received or envelope
> from, but I'm getting tired of making the regular expression longer
> and longer (in two different places), and I know there's a smarter
> way. Whether I'm smart enough to implement that smarter way is
> another matter entirely.
>
> Is there an existing (relatively simple) plugin that behaves similarly
> that I could crib from?
You don't need a plugin, just autogenerate your rules from this:
http://data.iana.org/TLD/tlds-alpha-by-domain.txt
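[Added example, not part of the original post: one way to autogenerate such rules from a file in the IANA list format, covering the "blanket rule plus whitelist" case raised earlier in the thread. The rule names, the score, the legacy-gTLD baseline and the embedded sample list are assumptions of this sketch; the generated text would go into a local .cf file.]

```python
import re

# Operator-chosen baseline (an assumption of this example): gTLDs delegated
# before the new-gTLD programme. Two-letter ccTLDs are also treated as
# established in suspect_tlds() below.
LEGACY_GTLDS = {
    "com", "net", "org", "edu", "gov", "mil", "int", "arpa", "info", "biz",
    "name", "pro", "aero", "coop", "museum", "asia", "cat", "jobs", "mobi",
    "tel", "travel", "post", "xxx",
}

# Only plain letter-digit-hyphen labels may reach the generated regex; any
# other line in the downloaded file is dropped rather than escaped.
VALID_TLD = re.compile(r"[a-z0-9-]{2,63}")


def parse_iana_list(text):
    """Parse tlds-alpha-by-domain.txt content: '#' comments, one TLD per line."""
    tlds = []
    for line in text.splitlines():
        entry = line.strip().lower()
        if not entry or entry.startswith("#"):
            continue
        if VALID_TLD.fullmatch(entry):
            tlds.append(entry)
    return tlds


def suspect_tlds(all_tlds, allowlist=()):
    """Everything that is not a ccTLD, a legacy gTLD or locally allowlisted.

    IDN TLDs (xn--...) land here too; allowlist the ones you need.
    """
    allow = {t.lower().lstrip(".") for t in allowlist}
    return sorted(
        t for t in set(all_tlds)
        if len(t) > 2 and t not in LEGACY_GTLDS and t not in allow
    )


def rule_regex(tlds):
    """Regex body shared by both rules: address ends in one of the TLDs."""
    return r"\.(?:%s)$" % "|".join(tlds)


def build_rules(tlds, score=1.0, name="LOCAL_NEWTLD"):
    """Emit header rules for the From address and the envelope sender."""
    if not tlds:
        return ""
    pattern = "/%s/i" % rule_regex(tlds)
    lines = []
    for suffix, header, what in (
        ("FROM", "From:addr", "From address"),
        ("ENVFROM", "EnvelopeFrom", "Envelope sender"),
    ):
        rule = "%s_%s" % (name, suffix)
        lines.append("header %s %s =~ %s" % (rule, header, pattern))
        lines.append("describe %s %s in a non-allowlisted new TLD" % (rule, what))
        lines.append("score %s %.1f" % (rule, score))
    return "\n".join(lines) + "\n"


# Constructed sample in the IANA file format (not the real list).
SAMPLE_IANA = """\
# Version 2015102000, Last Updated Tue Oct 20 07:07:01 2015 UTC
COM
DATE
DE
FAITH
NET
NINJA
ORG
RACING
SCIENCE
UK
WIN
XN--P1AI
"""

if __name__ == "__main__":
    suspects = suspect_tlds(parse_iana_list(SAMPLE_IANA), allowlist=["ninja"])
    print(build_rules(suspects, score=1.5), end="")
```

Because the TLDs end up in a scoring rule rather than a blacklist entry, the score can be kept low enough that a legitimate sender in a new TLD is not rejected on this rule alone.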
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by sh...@shanew.net.
On Tue, 20 Oct 2015, Rob McEwen wrote:
> On 10/20/2015 12:13 PM, shanew@shanew.net wrote:
>> Unlike Larry (and others) I DO want to block the vast majority of the
>> new tlds, because we see nothing but spam from them (and my users tend
>> toward the more false-positives than false-negatives side of the
>> spectrum). Rather than maintain a list of all the problematic tlds,
>> I'd rather have a blanket block rule with the ability to whitelist the
>> handful that might be legit.
>
> Be careful about doing this for the long term. I think that spammers exploit
> new TLDs because they know that many anti-spam systems don't account for them
> correctly at first. (and/or maybe they are cheaper at first?). But in the
> longer term (years down the road).. they tend to move on to other ones, while
> the legit TLDs slowly increase. So this strategy can backfire in the long
> term. (but, of course, MMV... and some smaller hosters don't have to be as
> concerned about a few extra FPs)
I totally agree. In fact, I assume anything I'm doing right now to
successfully block spam could change tomorrow, much less months or
years from now. For now, though, I'm seeing almost no legitimate
traffic from most of the new ones (I'm thinking of the longer ones
especially; .work, .ninja, .site, .science, etc.).
I already have rules that score for these tlds in received or envelope
from, but I'm getting tired of making the regular expression longer
and longer (in two different places), and I know there's a smarter
way. Whether I'm smart enough to implement that smarter way is
another matter entirely.
Is there an existing (relatively simple) plugin that behaves similarly
that I could crib from?
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Rob McEwen <ro...@invaluement.com>.
On 10/20/2015 12:13 PM, shanew@shanew.net wrote:
> Unlike Larry (and others) I DO want to block the vast majority of the
> new tlds, because we see nothing but spam from them (and my users tend
> toward the more false-positives than false-negatives side of the
> spectrum). Rather than maintain a list of all the problematic tlds,
> I'd rather have a blanket block rule with the ability to whitelist the
> handful that might be legit.
Be careful about doing this for the long term. I think that spammers
exploit new TLDs because they know that many anti-spam systems don't
account for them correctly at first. (and/or maybe they are cheaper at
first?). But in the longer term (years down the road).. they tend to
move on to other ones, while the legit TLDs slowly increase. So this
strategy can backfire in the long term. (but, of course, MMV... and some
smaller hosters don't have to be as concerned about a few extra FPs)
--
Rob McEwen
+1 478-475-9032
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by sh...@shanew.net.
I've got 3.4.1 installed and sa-update runs regularly.
Unlike Larry (and others) I DO want to block the vast majority of the
new tlds, because we see nothing but spam from them (and my users tend
toward the more false-positives than false-negatives side of the
spectrum). Rather than maintain a list of all the problematic tlds,
I'd rather have a blanket block rule with the ability to whitelist the
handful that might be legit.
Is anyone doing anything like this (perhaps as a plugin)?
On Tue, 20 Oct 2015, Kevin A. McGrail wrote:
> If you have 3.4.1 and use sa-update then we add new tlds to a rule file that
> is then parsed.
>
> This does not block those tlds. It lets the engine recognize the urls for
> further rules.
>
> If you have a tld that is missed and you are using 3.4.1 with sa-update, let
> us know.
> Regards,
> KAM
>
> On October 14, 2015 3:37:58 PM PDT, shanew@shanew.net wrote:
>
> On Tue, 13 Oct 2015, Kevin A. McGrail wrote:
> At the end of the day, if you are having problems with new TLDs, ONE solution
> is to use something that uses SA 3.4.1 and has sa-update configured so you
> get updates with said new TLDs.
> I think maybe people are confused about how exactly this change helps
> them get rid of all the spam that's coming from the "new" TLDs.
> So, in other words, having just updated to 3.4.1, how does one go from
> having a list of all the new TLDs that can now be nicely maintained
> with sa-update to getting rules which actually score against the vast
> majority of the new TLDs (since most of them seem to be 99.99% spam)?
> I had created a local rule before moving to 3.4.1 that looks for new
> TLDs in the Received, From and EnvelopeFrom headers, but it was
> obvious that this wasn't going to scale well. Did the new system in
> 3.4.1 make this easier for me to do, or did it just make it possible
> for new TLDs to be handed off to RBLs and the like (not that that's
> not a major win)?
> Any elaboration (or a pointer to documentation (not the man page))
> would be greatly appreciated.
>
>
>
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
If you have 3.4.1 and use sa-update then we add new tlds to a rule file that is then parsed.
This does not block those tlds. It lets the engine recognize the urls for further rules.
If you have a tld that is missed and you are using 3.4.1 with sa-update, let us know.
Regards,
KAM
On October 14, 2015 3:37:58 PM PDT, shanew@shanew.net wrote:
>On Tue, 13 Oct 2015, Kevin A. McGrail wrote:
>
>> At the end of the day, if you are having problems with new TLDs, ONE
>> solution is to use something that uses SA 3.4.1 and has sa-update
>> configured so you get updates with said new TLDs.
>
>I think maybe people are confused about how exactly this change helps
>them get rid of all the spam that's coming from the "new" TLDs.
>
>So, in other words, having just updated to 3.4.1, how does one go from
>having a list of all the new TLDs that can now be nicely maintained
>with sa-update to getting rules which actually score against the vast
>majority of the new TLDs (since most of them seem to be 99.99% spam)?
>
>I had created a local rule before moving to 3.4.1 that looks for new
>TLDs in the Received, From and EnvelopeFrom headers, but it was
>obvious that this wasn't going to scale well. Did the new system in
>3.4.1 make this easier for me to do, or did it just make it possible
>for new TLDs to be handed off to RBLs and the like (not that that's
>not a major win)?
>
>Any elaboration (or a pointer to documentation (not the man page))
>would be greatly appreciated.
>
>--
>Public key #7BBC68D9 at | Shane Williams
>http://pgp.mit.edu/ | System Admin - UT CompSci
>=----------------------------------+-------------------------------
>All syllogisms contain three lines | shanew@shanew.net
>Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by sh...@shanew.net.
On Tue, 13 Oct 2015, Kevin A. McGrail wrote:
> At the end of the day, if you are having problems with new TLDs, ONE solution
> is to use something that uses SA 3.4.1 and has sa-update configured so you
> get updates with said new TLDs.
I think maybe people are confused about how exactly this change helps
them get rid of all the spam that's coming from the "new" TLDs.
So, in other words, having just updated to 3.4.1, how does one go from
having a list of all the new TLDs that can now be nicely maintained
with sa-update to getting rules which actually score against the vast
majority of the new TLDs (since most of them seem to be 99.99% spam)?
I had created a local rule before moving to 3.4.1 that looks for new
TLDs in the Received, From and EnvelopeFrom headers, but it was
obvious that this wasn't going to scale well. Did the new system in
3.4.1 make this easier for me to do, or did it just make it possible
for new TLDs to be handed off to RBLs and the like (not that that's
not a major win)?
Any elaboration (or a pointer to documentation (not the man page))
would be greatly appreciated.
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/13/2015 4:14 PM, Larry Goldman wrote:
> Way the best answer, Dianne! Thanks!
To add a 3rd answer, I want you to know that you ARE correct. Godaddy
provides you a service which is not functioning as you would like. Who
they choose, what their vendors choose, etc. is not really your job as a
customer but I personally appreciate the sleuthing.
However, your first line of support is your provider, GoDaddy. You've
now gone over and above the call of duty trying to help them help you, etc.
At the end of the day, if you are having problems with new TLDs, ONE
solution is to use something that uses SA 3.4.1 and has sa-update
configured so you get updates with said new TLDs. What GoDaddy plans to
do about the issue is where you should start or you could research
whether cpanel offers SA 3.4.1. From looking, they were working on
3.4.1 integration about a month ago...
https://features.cpanel.net/topic/update-to-spamassassin-3-4-1 and
whether they are using sa-update is something to ask GoDaddy to ask cpanel.
Hope this helps!
Regards,
KAM
>
>> On Oct 13, 2015, at 1:11 PM, Dianne Skoll <df...@roaringpenguin.com> wrote:
>>
>> On Tue, 13 Oct 2015 13:04:36 -0700
>> Larry Goldman <lg...@allstarcomputerservices.com> wrote:
>>
>>> Point me to the documentation of the SpamAssassin framework. Where
>>> are rules documented? What are the current rules? Describe, in
>>> detail, the new SA technology which fights abuse of new TLDs.
>> man Mail::SpamAssassin::Conf
>>
>> Or if you want an online resource,
>> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>>
>>> Thank you for your advice. I don't really plan on devoting my life to
>>> administering my generic email service.
>> Not your life, but you probably need to devote at least a few minutes a day
>> to tending to the anti-spam component, assuming this is a small server
>> with at most a couple of dozen mailboxes.
>>
>> Regards,
>>
>> Dianne.
--
*Kevin A. McGrail*
CEO
Peregrine Computer Consultants Corporation
3927 Old Lee Highway, Suite 102-C
Fairfax, VA 22030-2422
http://www.pccc.com/
703-359-9700 x50 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
KMcGrail@PCCC.com <ma...@pccc.com>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
Way the best answer, Dianne! Thanks!
> On Oct 13, 2015, at 1:11 PM, Dianne Skoll <df...@roaringpenguin.com> wrote:
>
> On Tue, 13 Oct 2015 13:04:36 -0700
> Larry Goldman <lg...@allstarcomputerservices.com> wrote:
>
>> Point me to the documentation of the SpamAssassin framework. Where
>> are rules documented? What are the current rules? Describe, in
>> detail, the new SA technology which fights abuse of new TLDs.
>
> man Mail::SpamAssassin::Conf
>
> Or if you want an online resource,
> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
>
>> Thank you for your advice. I don't really plan on devoting my life to
>> administering my generic email service.
>
> Not your life, but you probably need to devote at least a few minutes a day
> to tending to the anti-spam component, assuming this is a small server
> with at most a couple of dozen mailboxes.
>
> Regards,
>
> Dianne.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 13 Oct 2015 16:11:49 -0400
Dianne Skoll <df...@roaringpenguin.com> wrote:
> Or if you want an online resource,
> https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
D'oh, that's a link to an old version... sorry.
http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin.html
is probably a better starting point.
Regards,
Dianne.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 13 Oct 2015 13:04:36 -0700
Larry Goldman <lg...@allstarcomputerservices.com> wrote:
> Point me to the documentation of the SpamAssassin framework. Where
> are rules documented? What are the current rules? Describe, in
> detail, the new SA technology which fights abuse of new TLDs.
man Mail::SpamAssassin::Conf
Or if you want an online resource,
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
> Thank you for your advice. I don't really plan on devoting my life to
> administering my generic email service.
Not your life, but you probably need to devote at least a few minutes a day
to tending to the anti-spam component, assuming this is a small server
with at most a couple of dozen mailboxes.
Regards,
Dianne.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
Point me to the documentation of the SpamAssassin framework. Where are rules documented? What are the current rules? Describe, in detail, the new SA technology which fights abuse of new TLDs.
Thank you for your advice. I don’t really plan on devoting my life to administering my generic email service.
> On Oct 13, 2015, at 12:58 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>
>
> Am 13.10.2015 um 21:48 schrieb Larry Goldman:
>> It seems that a basic function of an email service provider, these days, is to keep up with spam. There is nothing unusual about my email.
>>
>> SpamAssassin is a framework: a framework with seemingly no documentation at all
>
> no documentation at all?
> seriously?
>
> first: most docs are worthless for you until you manage the whole setup
> second: you need to *understand* the details to manage a mailserver
> third: a good start would be to not press "reply-all" on a mailing list
>
> if you want to setup a good spamfilter you need to learn a ton of details about all of the involved layers of mail/dns and invest a huge amount of time, trying, verify and learning to manage it and even after 10 years of doing it somehow perfect you will learn each day new things
>
> in short: it's a lifetime job and if you don't want to invest the time and energy just delete the mails making it through - you likely have no clue what amount is already blocked - in a good setup only 7-10% of all junk makes it to the content filters and 95% of all inbound mail is rejected long before
>
>>> Am 13.10.2015 um 21:34 schrieb Larry Goldman:
>>>> I couldn’t pay a full-time guy for what I’m paying to use CPanel.
>>>>
>>>> I was hoping/expecting that the $ all of us shared users of CPanel are
>>>> paying for the product would eventually be paying a full-time guy/gurl
>>>> to support the product.
>>>
>>> that is what you get until a limited degree
>>>
>>> but you can't expect perfect results as long you don't want to get your own hands dirty - most pay services are "good enough", not more and not less - they work average good with no time invest for a lot of people
>>>
>>> it's similar to "i can do anything somehow good enough but nothing really good" and especially when it comes to mail filtering it's a sharp edge because of the moving target and the risk of false-positives which does much more harm than 20 spam mails
>>>
>>> accept the result of a managed service or suck the work you need to do it at your own - you can't have both at the same time
>>>
>>> SpamAssassin is just a FRAMEWORK - not more and not less
>>>
>>>>> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h.reindl@thelounge.net
>>>>> <ma...@thelounge.net>> wrote:
>>>>>
>>>>> it's just the truth, maintaining mailservices is a FULLTIME-JOB and
>>>>> that won't change in the near future
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.10.2015 um 21:48 schrieb Larry Goldman:
> It seems that a basic function of an email service provider, these days, is to keep up with spam. There is nothing unusual about my email.
>
> SpamAssassin is a framework: a framework with seemingly no documentation at all
no documentation at all?
seriously?
first: most docs are worthless for you until you manage the whole setup
second: you need to *understand* the details to manage a mailserver
third: a good start would be to not press "reply-all" on a mailing list
if you want to setup a good spamfilter you need to learn a ton of
details about all of the involved layers of mail/dns and invest a huge
amount of time, trying, verify and learning to manage it and even after
10 years of doing it somehow perfect you will learn each day new things
in short: it's a lifetime job and if you don't want to invest the time
and energy just delete the mails making it through - you likely have no
clue what amount is already blocked - in a good setup only 7-10% of all
junk makes it to the content filters and 95% of all inbound mail is
rejected long before
>> Am 13.10.2015 um 21:34 schrieb Larry Goldman:
>>> I couldn’t pay a full-time guy for what I’m paying to use CPanel.
>>>
>>> I was hoping/expecting that the $ all of us shared users of CPanel are
>>> paying for the product would eventually be paying a full-time guy/gurl
>>> to support the product.
>>
>> that is what you get until a limited degree
>>
>> but you can't expect perfect results as long you don't want to get your own hands dirty - most pay services are "good enough", not more and not less - they work average good with no time invest for a lot of people
>>
>> it's similar to "i can do anything somehow good enough but nothing really good" and especially when it comes to mail filtering it's a sharp edge because of the moving target and the risk of false-positives which does much more harm than 20 spam mails
>>
>> accept the result of a managed service or suck the work you need to do it at your own - you can't have both at the same time
>>
>> SpamAssassin is just a FRAMEWORK - not more and not less
>>
>>>> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h.reindl@thelounge.net
>>>> <ma...@thelounge.net>> wrote:
>>>>
>>>> it's just the truth, maintaining mailservices is a FULLTIME-JOB and
>>>> that won't change in the near future
CPanel (was Re: SpamAssassin Rules Regarding Abuse of New Top Level
Domains)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 13 Oct 2015 12:48:58 -0700
Larry Goldman <lg...@allstarcomputerservices.com> wrote:
> SpamAssassin is a framework: a framework with seemingly no
> documentation at all. I was considering downloading the source files
> to see if the framework is documented there. Is that what it takes to
> administer a mail service? Why can’t an expert (at CPanel) do this
> for me?
As I mentioned, CPanel is just a control panel that saves you from
having to edit UNIX configuration files. They throw so-called anti-spam
services in because (1) SpamAssassin is free, and (2) they have a nice
shiny checkbox in their feature matrix in the glossy magazines.
If you actually want effective and vigilantly-maintained anti-spam
service, you either have to do it yourself (and that could be a fair
bit of work, but may be quite rewarding) or pay for a proper anti-spam
service.
Regards,
Dianne.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
It seems that a basic function of an email service provider, these days, is to keep up with spam. There is nothing unusual about my email.
SpamAssassin is a framework: a framework with seemingly no documentation at all. I was considering downloading the source files to see if the framework is documented there. Is that what it takes to administer a mail service? Why can’t an expert (at CPanel) do this for me?
> On Oct 13, 2015, at 12:41 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>
>
> Am 13.10.2015 um 21:34 schrieb Larry Goldman:
>> I couldn’t pay a full-time guy for what I’m paying to use CPanel.
>>
>> I was hoping/expecting that the $ all of us shared users of CPanel are
>> paying for the product would eventually be paying a full-time guy/gurl
>> to support the product.
>
> that is what you get until a limited degree
>
> but you can't expect perfect results as long you don't want to get your own hands dirty - most pay services are "good enough", not more and not less - they work average good with no time invest for a lot of people
>
> it's similar to "i can do anything somehow good enough but nothing really good" and especially when it comes to mail filtering it's a sharp edge because of the moving target and the risk of false-positives which does much more harm than 20 spam mails
>
> accept the result of a managed service or suck the work you need to do it at your own - you can't have both at the same time
>
> SpamAssassin is just a FRAMEWORK - not more and not less
>
>>> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h.reindl@thelounge.net
>>> <ma...@thelounge.net>> wrote:
>>>
>>> it's just the truth, maintaining mailservices is a FULLTIME-JOB and
>>> that won't change in the near future
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.10.2015 um 21:34 schrieb Larry Goldman:
> I couldn’t pay a full-time guy for what I’m paying to use CPanel.
>
> I was hoping/expecting that the $ all of us shared users of CPanel are
> paying for the product would eventually be paying a full-time guy/gurl
> to support the product.
that is what you get until a limited degree
but you can't expect perfect results as long you don't want to get your
own hands dirty - most pay services are "good enough", not more and not
less - they work average good with no time invest for a lot of people
it's similar to "i can do anything somehow good enough but nothing
really good" and especially when it comes to mail filtering it's a sharp
edge because of the moving target and the risk of false-positives which
does much more harm than 20 spam mails
accept the result of a managed service or suck the work you need to do
it at your own - you can't have both at the same time
SpamAssassin is just a FRAMEWORK - not more and not less
>> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h.reindl@thelounge.net
>> <ma...@thelounge.net>> wrote:
>>
>> it's just the truth, maintaining mailservices is a FULLTIME-JOB and
>> that won't change in the near future
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
I couldn’t pay a full-time guy for what I’m paying to use CPanel.
I was hoping/expecting that the $ all of us shared users of CPanel are paying for the product would eventually be paying a full-time guy/gurl to support the product.
> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h....@thelounge.net> wrote:
>
> it's just the truth, maintaining mailservices is a FULLTIME-JOB and that won't change in the near future
Re: Simplicity (was Re: SpamAssassin Rules Regarding Abuse of New Top
Level Domains)
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 13 Oct 2015, at 15:46, Dianne Skoll wrote:
> CPanel is just a "hosting control panel" used by a bazillion hosting
> providers. It's a more sophisticated version of Webmin and the like;
Or *less* depending on your concept of 'sophisticated'... It is slicker,
but it is much more tightly bound to specific versions of the tools it
supports. Hosting providers prefer it in part because it is more
restrictive by design.
Re: Simplicity (was Re: SpamAssassin Rules Regarding Abuse of New
Top Level Domains)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 13 Oct 2015 12:42:04 -0700
Larry Goldman <lg...@allstarcomputerservices.com> wrote:
> As a customer of CPanel, I was expecting the "competent someone else
> who is supposed to simplify the process of managing an email server
> for me" already to be working for CPanel.
CPanel is just a "hosting control panel" used by a bazillion hosting
providers. It's a more sophisticated version of Webmin and the like;
you can manage many UNIX services without editing text files because
they're generated from Web-based input by CPanel.
How often the software is updated depends on the hosting provider.
And since most hosting providers operate on razor-thin margins, they
tend to just throw CPanel at the problem and then forget about it
until and unless customer clamoring becomes too loud to ignore. :)
Regards,
Dianne.
Re: Simplicity (was Re: SpamAssassin Rules Regarding Abuse of New Top
Level Domains)
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/13/2015 3:42 PM, Larry Goldman wrote:
> I’m ready to get down and dirty if necessary.
>
> As a customer of CPanel, I was expecting the “competent someone else who is supposed to simplify the process of managing an email server for me" already to be working for CPanel.
Agreed. I think the issue is outside of our input largely because it's
in cPanel / Godaddy's hands.
Regards,
KAM
Re: Simplicity (was Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains)
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
I’m ready to get down and dirty if necessary.
As a customer of CPanel, I was expecting the “competent someone else who is supposed to simplify the process of managing an email server for me" already to be working for CPanel.
> On Oct 13, 2015, at 12:32 PM, Dianne Skoll <df...@roaringpenguin.com> wrote:
>
> On Tue, 13 Oct 2015 12:24:53 -0700
> Larry Goldman <lg...@allstarcomputerservices.com> wrote:
>
>> So, it is not possible to simplify the process of managing an email
>> server via an easy-to-use software user interface?
>
> I think if your goal is to simplify the process of managing an email
> server, your best bet is to pay someone else to do it for you. That
> keeps your life simple and (if the person you hire is competent) your
> mail running smoothly.
>
> If, however, your duty is to run a mail server, then sorry... you have
> to get down and dirty to manage it effectively.
>
> Regards,
>
> Dianne.
Simplicity (was Re: SpamAssassin Rules Regarding Abuse of New Top
Level Domains)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 13 Oct 2015 12:24:53 -0700
Larry Goldman <lg...@allstarcomputerservices.com> wrote:
> So, it is not possible to simplify the process of managing an email
> server via an easy-to-use software user interface?
I think if your goal is to simplify the process of managing an email
server, your best bet is to pay someone else to do it for you. That
keeps your life simple and (if the person you hire is competent) your
mail running smoothly.
If, however, your duty is to run a mail server, then sorry... you have
to get down and dirty to manage it effectively.
Regards,
Dianne.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.10.2015 um 21:24 schrieb Larry Goldman:
> So, it is not possible to simplify the process of managing an email server via an easy-to-use software user interface?
not really
someone needs to understand the setup *and* maintain it because spam is
a moving target - there is no easy solution other than hire somebody
doing the things you don't want to do
i spent personally around 3000 workhours in the last year to provide a
as perfect as possible spamfilter with zero false positives for our
customers and many pieces of the solution are not available in public
and won't even run on other environments
i admit that the time i invested is excessive and not possible when you
write invoices for it - but that's what i felt need to invest to get *my
personal* result of being satisfied
>> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h....@thelounge.net> wrote:
>>
>> no!
>>
>> the idea of cpanel, webmin and what not is trying to provide a reduced and limited interface for users with no clue and give them the feeling they have some clue what they are doing
>>
>> if you rely on cpanel you better maintain no public server at all, take money and pay somebody who knows what he is doing
>>
>> and NO - that's not unfriendly, it's just the truth, maintaining mailservices is a FULLTIME-JOB and that won't change in the near future
>>
>> Am 13.10.2015 um 21:15 schrieb Larry Goldman:
>>> The _idea_ of CPanel is a good one: a low-cost, do-it-all solution which a broader range of tech-savvy users can manage. It seems that the current GoDaddy/CPanel configuration I’m using is obviously not up to the task of distinguishing SPAM in today’s world.
>>>
>>> If there is not an easy fix within their black box, I’ll consider hosting my own email on OS X Server: full apache, full SA.
>>>
>>>> On Oct 13, 2015, at 12:07 PM, Reindl Harald <h....@thelounge.net> wrote:
>>>>
>>>>
>>>>
>>>> Am 13.10.2015 um 21:02 schrieb Larry Goldman:
>>>>> I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
>>>>
>>>> and i have seen so much shit from ISP's long ago that i started in 2005 to host and implement anything we need on own infrastructure with own deployments and finally even replaced a spamfilter-appliance from a million-dollar-company specialized for spamfiltering with own solutions
>>>>
>>>> they all sell SpamAssassin and other free components wrapped in layers over layers (cPanel is one of the definite crap in that layers) and finally sell shit for money
>>>>
>>>> do it yourself or live with the results
>>>>
>>>> what you can't expect is serious help on upstream mailing lists for SA buried inside a dozen of crap layers likely nobody on that planet knows how things are really configured
>>>>
>>>>>> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>>>>>>> It seems that CPanel is an independent product that GoDaddy serves. It
>>>>>>> may be that the version of CPanel in use is not using up-to-date SA,
>>>>>>> which is a problem.
>>>>>>>
>>>>>>> How can I determine which version of SA is being used, without terminal
>>>>>>> access?
>>>>>>
>>>>>> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
So, it is not possible to simplify the process of managing an email server via an easy-to-use software user interface?
> On Oct 13, 2015, at 12:19 PM, Reindl Harald <h....@thelounge.net> wrote:
>
> no!
>
> the idea of cpanel, webmin and what not is trying to provide a reduced and limited interface for users with no clue and give them the feeling they have some clue what they are doing
>
> if you rely on cpanel you better maintain no public server at all, take money and pay somebody who knows what he is doing
>
> and NO - that's not unfriendly, it's just the truth, maintaining mailservices is a FULLTIME-JOB and that won't change in the near future
>
> Am 13.10.2015 um 21:15 schrieb Larry Goldman:
>> The _idea_ of CPanel is a good one: a low-cost, do-it-all solution which a broader range of tech-savvy users can manage. It seems that the current GoDaddy/CPanel configuration I’m using is obviously not up to the task of distinguishing SPAM in today’s world.
>>
>> If there is not an easy fix within their black box, I’ll consider hosting my own email on OS X Server: full apache, full SA.
>>
>>> On Oct 13, 2015, at 12:07 PM, Reindl Harald <h....@thelounge.net> wrote:
>>>
>>>
>>>
>>> Am 13.10.2015 um 21:02 schrieb Larry Goldman:
>>>> I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
>>>
>>> and i have seen so much shit from ISP's long ago that i started in 2005 to host and implement anything we need on own infrastructure with own deployments and finally even replaced a spamfilter-appliance from a million-dollar-company specialized for spamfiltering with own solutions
>>>
>>> they all sell SpamAssassin and other free components wrapped in layers over layers (cPanel is one of the definite crap in that layers) and finally sell shit for money
>>>
>>> do it yourself or live with the results
>>>
>>> what you can't expect is serious help on upstream mailing lists for SA buried inside a dozen of crap layers likely nobody on that planet knows how things are really configured
>>>
>>>>> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>>>>>
>>>>>
>>>>>
>>>>> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>>>>>> It seems that CPanel is an independent product that GoDaddy serves. It
>>>>>> may be that the version of CPanel in use is not using up-to-date SA,
>>>>>> which is a problem.
>>>>>>
>>>>>> How can I determine which version of SA is being used, without terminal
>>>>>> access?
>>>>>
>>>>> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
no!
the idea of cpanel, webmin and what not is trying to provide a reduced
and limited interface for users with no clue and give them the feeling
they have some clue what they are doing
if you rely on cpanel you better maintain no public server at all, take
money and pay somebody who knows what he is doing
and NO - that's not unfriendly, it's just the truth, maintaining
mailservices is a FULLTIME-JOB and that won't change in the near future
Am 13.10.2015 um 21:15 schrieb Larry Goldman:
> The _idea_ of CPanel is a good one: a low-cost, do-it-all solution which a broader range of tech-savvy users can manage. It seems that the current GoDaddy/CPanel configuration I’m using is obviously not up to the task of distinguishing SPAM in today’s world.
>
> If there is not an easy fix within their black box, I’ll consider hosting my own email on OS X Server: full apache, full SA.
>
>> On Oct 13, 2015, at 12:07 PM, Reindl Harald <h....@thelounge.net> wrote:
>>
>>
>>
>> Am 13.10.2015 um 21:02 schrieb Larry Goldman:
>>> I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
>>
>> and i have seen so much shit from ISP's long ago that i started in 2005 to host and implement anything we need on own infrastructure with own deployments and finally even replaced a spamfilter-appliance from a million-dollar-company specialized for spamfiltering with own solutions
>>
>> they all sell SpamAssassin and other free components wrapped in layers over layers (cPanel is one of the definite crap in that layers) and finally sell shit for money
>>
>> do it yourself or live with the results
>>
>> what you can't expect is serious help on upstream mailing lists for SA buried inside a dozen of crap layers likely nobody on that planet knows how things are really configured
>>
>>>> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>>>>
>>>>
>>>>
>>>> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>>>>> It seems that CPanel is an independent product that GoDaddy serves. It
>>>>> may be that the version of CPanel in use is not using up-to-date SA,
>>>>> which is a problem.
>>>>>
>>>>> How can I determine which version of SA is being used, without terminal
>>>>> access?
>>>>
>>>> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
The _idea_ of CPanel is a good one: a low-cost, do-it-all solution which a broader range of tech-savvy users can manage. It seems that the current GoDaddy/CPanel configuration I’m using is obviously not up to the task of distinguishing SPAM in today’s world.
If there is not an easy fix within their black box, I’ll consider hosting my own email on OS X Server: full apache, full SA.
> On Oct 13, 2015, at 12:07 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>
>
> Am 13.10.2015 um 21:02 schrieb Larry Goldman:
>> I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
>
> and i have seen so much shit from ISP's long ago that i started in 2005 to host and implement anything we need on own infrastructure with own deployments and finally even replaced a spamfilter-appliance from a million-dollar-company specialized for spamfiltering with own solutions
>
> they all sell SpamAssassin and other free components wrapped in layers over layers (cPanel is one of the definite crap in that layers) and finally sell shit for money
>
> do it yourself or live with the results
>
> what you can't expect is serious help on upstream mailing lists for SA buried inside a dozen of crap layers likely nobody on that planet knows how things are really configured
>
>>> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>>>
>>>
>>>
>>> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>>>> It seems that CPanel is an independent product that GoDaddy serves. It
>>>> may be that the version of CPanel in use is not using up-to-date SA,
>>>> which is a problem.
>>>>
>>>> How can I determine which version of SA is being used, without terminal
>>>> access?
>>>
>>> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
>
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.10.2015 um 21:02 schrieb Larry Goldman:
> I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
and i have seen so much shit from ISP's long ago that i started in 2005
to host and implement anything we need on own infrastructure with own
deployments and finally even replaced a spamfilter-appliance from a
million-dollar-company specialized for spamfiltering with own solutions
they all sell SpamAssassin and other free components wrapped in layers
over layers (cPanel is one of the definite crap in that layers) and
finally sell shit for money
do it yourself or live with the results
what you can't expect is serious help on upstream mailing lists for SA
buried inside a dozen of crap layers likely nobody on that planet knows
how things are really configured
>> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>>
>>
>>
>> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>>> It seems that CPanel is an independent product that GoDaddy serves. It
>>> may be that the version of CPanel in use is not using up-to-date SA,
>>> which is a problem.
>>>
>>> How can I determine which version of SA is being used, without terminal
>>> access?
>>
>> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
I’ve seen CPanel hosted on several other ISPs. It would be quite unfortunate (for them and for their users) if their email product could not reliably catch spam.
> On Oct 13, 2015, at 11:56 AM, Reindl Harald <h....@thelounge.net> wrote:
>
>
>
> Am 13.10.2015 um 20:40 schrieb Larry Goldman:
>> It seems that CPanel is an independent product that GoDaddy serves. It
>> may be that the version of CPanel in use is not using up-to-date SA,
>> which is a problem.
>>
>> How can I determine which version of SA is being used, without terminal
>> access?
>
> you can't, you have only a limited blackbox and get what you pay for - sorry - invest time and money or live with what you get
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Reindl Harald <h....@thelounge.net>.
Am 13.10.2015 um 20:40 schrieb Larry Goldman:
> It seems that CPanel is an independent product that GoDaddy serves. It
> may be that the version of CPanel in use is not using up-to-date SA,
> which is a problem.
>
> How can I determine which version of SA is being used, without terminal
> access?
you can't, you have only a limited blackbox and get what you pay for -
sorry - invest time and money or live with what you get
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
> On Oct 13, 2015, at 6:49 AM, Kevin A. McGrail <KM...@PCCC.com> wrote:
>
> On 10/12/2015 2:15 PM, Larry Goldman wrote:
>> I’m using the CPanel shared hosting on GoDaddy. Inside there, SpamAssassin is running.
> GoDaddy might not be running sa-update or a new enough version of SA to take advantage of the TLD updates we can push centrally.
It seems that CPanel is an independent product that GoDaddy serves. It may be that the version of CPanel in use is not using up-to-date SA, which is a problem.
How can I determine which version of SA is being used, without terminal access?
Here is the raw header of such spam. The “to” address is invalid, and was caught in the catch-all account.
> Return-path: <Go...@poshperkgovtconspiracy.science>
> Envelope-to: rrell@allstarcomputerservices.com
> Delivery-date: Tue, 13 Oct 2015 11:34:36 -0700
> Received: from [50.2.213.68] (port=57756 helo=poshperkgovtconspiracy.science)
> by p3plcpnl0508.prod.phx3.secureserver.net with esmtp (Exim 4.85)
> (envelope-from <Go...@poshperkgovtconspiracy.science>)
> id 1Zm4PD-0003yb-RD
> for rrell@allstarcomputerservices.com; Tue, 13 Oct 2015 11:34:36 -0700
> Date: Tue, 13 Oct 2015 11:20:53 -0700
> To: <rr...@allstarcomputerservices.com>
> Content-Type: text/plain
> Nc-Ws: 17451601q-x72f5b53b2c6d08ee39bf08c7aed677cf_k22845467
> From: Govt_Rx_CoverUp <Go...@poshperkgovtconspiracy.science>
> Mime-Version: 1.0
> Message-ID: <0....@allstarcomputerservices.com>
> Ncc-Mn: 22845467q_i72f5b53b2c6d08ee39bf08c7aed677cf-72f5b53b2c6d08ee39bf08c7aed677cfme
> Subject: Health Science Institute exposes major Govt-Obama-Conspiracy
> X-Spam-Status: No, score=0.1
> X-Spam-Score: 1
> X-Spam-Bar: /
> X-Ham-Report: Spam detection software, running on the system "p3plcpnl0508.prod.phx3.secureserver.net",
> has NOT identified this incoming email as spam. The original
> message has been attached to this so you can view it or label
> similar future email. If you have any questions, see
> root\@localhost for details.
>
> Content preview: ===================================================== Major
> Conspiracy Between Obama, Congress, and the FDA =====================================================
> Release Date: 13Oct2015 Article #22845467 [...]
>
> Content analysis details: (0.1 points, 8.0 required)
>
> pts rule name description
> ---- ---------------------- --------------------------------------------------
> 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
> See
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> for more information.
> [URIs: allstarcomputerservices.com]
> 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> [URIs: poshperkgovtconspiracy.science]
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> -0.0 SPF_PASS SPF: sender matches SPF record
> -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
> [score: 0.0000]
> 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
> X-Spam-Flag: NO
>
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/12/2015 2:15 PM, Larry Goldman wrote:
> I’m using the CPanel shared hosting on GoDaddy. Inside there,
> SpamAssassin is running.
GoDaddy might not be running sa-update or a new enough version of SA to
take advantage of the TLD updates we can push centrally.
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/13/2015 2:55 PM, Larry Goldman wrote:
> It seems that the new domains are appearing faster than I can keep up. Continual manual updates by every SA admin seem unfeasible.
>
> How does SA solve this problem?
By adding the TLDs to the config files distributed by sa-update that
work with SA 3.4.1 to centralize the fix. As such, I'm not seeing a
real-world new TLD issue.
Regards,
KAM
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
It seems that the new domains are appearing faster than I can keep up. Continual manual updates by every SA admin seem unfeasible.
How does SA solve this problem?
> On Oct 13, 2015, at 2:33 AM, Paul Stead <pa...@zeninternet.co.uk> wrote:
>
> On 12/10/15 19:15, Larry Goldman wrote:
>> On Oct 2, 2015 6:47:41 am
>> RW wrote:
>>
>>>> On Thu, 1 Oct 2015 18:53:16 -0700
>>>> Larry Goldman wrote:
>>>> I’m running SpamAssassin on CPanel shared hosting (GoDaddy). For
>>>> several weeks, I’ve been inundated with spam from various new
>>>> top-level domains: .date, .win, .faith, .racing. CPanel has options
>>>> for specifying SpamAssassin rules, but no other configuration files
>>>> are readily available for modification.
>> Can you tell me more about rule updates?
>> Where are current rules documented?
> The improvements mentioned are for detection of these new TLDs so that
> the URIs can be queried against blocklists and rules can be written for them.
>> The problem I’m trying to solve is an avalanche of spam being sent
>> from various “new” top level domains, as enumerated in my original
>> post. What SA rule will remove these?
>
> I have something like the following:
>
> enlist_uri_host (NEWSPAMMY) date
> enlist_uri_host (NEWSPAMMY) win
> enlist_uri_host (NEWSPAMMY) faith
> enlist_uri_host (NEWSPAMMY) racing
>
> header PDS_OTHER_BAD_TLD eval:check_uri_host_listed('NEWSPAMMY')
> score PDS_OTHER_BAD_TLD 0.1
> describe PDS_OTHER_BAD_TLD Other untrustworthy TLDs
>
> --
> Paul Stead
> Systems Engineer
> Zen Internet
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Paul Stead <pa...@zeninternet.co.uk>.
On 12/10/15 19:15, Larry Goldman wrote:
> On Oct 2, 2015 6:47:41 am
> RW wrote:
>
>>> On Thu, 1 Oct 2015 18:53:16 -0700
>>> Larry Goldman wrote:
>>> I’m running SpamAssassin on CPanel shared hosting (GoDaddy). For
>>> several weeks, I’ve been inundated with spam from various new
>>> top-level domains: .date, .win, .faith, .racing. CPanel has options
>>> for specifying SpamAssassin rules, but no other configuration files
>>> are readily available for modification.
> Can you tell me more about rule updates?
> Where are current rules documented?
The improvements mentioned are for detection of these new TLDs so that
the URIs can be queried against blocklists and rules can be written for them.
> The problem I’m trying to solve is an avalanche of spam being sent
> from various “new” top level domains, as enumerated in my original
> post. What SA rule will remove these?
I have something like the following:
enlist_uri_host (NEWSPAMMY) date
enlist_uri_host (NEWSPAMMY) win
enlist_uri_host (NEWSPAMMY) faith
enlist_uri_host (NEWSPAMMY) racing
header PDS_OTHER_BAD_TLD eval:check_uri_host_listed('NEWSPAMMY')
score PDS_OTHER_BAD_TLD 0.1
describe PDS_OTHER_BAD_TLD Other untrustworthy TLDs
--
Paul Stead
Systems Engineer
Zen Internet
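What the enlist_uri_host / check_uri_host_listed pair in the post above matches, as an added Python sketch (not SpamAssassin's code and not part of Paul Stead's post). It approximates the documented list semantics: subdomains of a listed name match implicitly, there are no wildcards, and a "!" prefix excludes an entry. The function names, the URI regex (http/https only) and the sample body are constructed for illustration.

```python
import re

def build_list(entries):
    """Model repeated `enlist_uri_host (NAME) host ...` lines as host -> verdict.
    A leading '!' stores a False verdict (an exclusion)."""
    table = {}
    for entry in entries:
        excluded = entry.startswith("!")
        table[entry.lstrip("!").lower().strip(".")] = not excluded
    return table

def host_listed(host, table):
    """Walk from the full host name up through its parent domains.
    The most specific entry found decides; no entry means not listed."""
    domain = host.lower().rstrip(".")
    while domain:
        if domain in table:
            return table[domain]
        _, _, domain = domain.partition(".")  # drop the leftmost label
    return False

# Simplified URI host extraction (assumption: only http/https URIs are considered).
URI_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def message_hits(body, table):
    """Return the sorted set of URI hosts in `body` that the list flags."""
    hosts = {h.lower().rstrip(".") for h in URI_HOST.findall(body)}
    return sorted(h for h in hosts if host_listed(h, table))

# The four TLDs from the post, plus one constructed exclusion to show '!'.
NEWSPAMMY = build_list(["date", "win", "faith", "racing",
                        "!partner.example.racing"])

# Constructed sample body (not taken from the thread).
SAMPLE_BODY = (
    "Claim now: http://offers.example.date/win?id=1\n"
    "Mirror: https://cdn.promo.example.WIN/a\n"
    "Our partner: http://partner.example.racing/\n"
    "Unsubscribe: http://www.example.com/date/unsub\n"
)

if __name__ == "__main__":
    for hit in message_hits(SAMPLE_BODY, NEWSPAMMY):
        print("would match PDS_OTHER_BAD_TLD:", hit)
```

A listed name only matches as a trailing domain of the URI host, so "date" in a path or as a leftmost label (date.example.com) does not hit.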
Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains
Posted by Larry Goldman <lg...@allstarcomputerservices.com>.
On Oct 2, 2015 6:47:41 am
RW wrote:
>> On Thu, 1 Oct 2015 18:53:16 -0700
>> Larry Goldman wrote:
>>
>> From http://spamassassin.apache.org:
>>
>> Latest News
>>
>> 2015-04-30: SpamAssassin 3.4.1 has been released! Highlights
>> include:
>>
>> improved automation to help combat spammers that are abusing new
>> top level domains;
>>
>> I’m running SpamAssassin on CPanel shared hosting (GoDaddy). For
>> several weeks, I’ve been inundated with spam from various new
>> top-level domains: .date, .win, .faith, .racing. CPanel has options
>> for specifying SpamAssassin rules, but no other configuration files
>> are readily available for modification.
>>
>
> Are you sure you can create actual SpamAssassin rules? As opposed to
> just adding blacklist_from entries and rescoring existing rules. I don't
> see anything on the GoDaddy site to suggest you can, and they are
> usually not supported on shared email servers because users may create
> pathological rules that hog resources.
>
> If not, all you can do is create blacklist entries like "*.science".
> Whilst this will work, it is a hostage to fortune.
>
> IIWY I'd look into whether GoDaddy provides any mechanism for training
> SpamAssassin's Bayes component.
I’m using the CPanel shared hosting on GoDaddy. Inside there, SpamAssassin is running.
On CPanel -> Email -> Apache SpamAssassin™ -> Configure Apache SpamAssassin™ ->
there are “score” text boxes with these instructions:
"Assign scores (the number of points for a hit) to a given test. Scores can be positive or negative real numbers or integers. "SYMBOLIC_TEST_NAME" is the symbolic name used by Apache SpamAssassin™ for that test; for example, 'FROM_ENDS_IN_NU'. If only one valid score is listed, then that score is always used for a test. If four valid scores are listed, then the score that is used depends on how Apache SpamAssassin™ is being used. The first score is used when both Bayes and network tests are disabled. The second score is used when Bayes is disabled, but network tests are enabled. The third score is used when Bayes is enabled and network tests are disabled. The fourth score is used when Bayes is enabled and network tests are enabled. Setting a rule's score to 0 will disable that rule from running."
>>
>> Where is this improved automation documented?
>>
> It's not really something that end users need to know about. SA keeps a
> list of TLDs that's used for finding domains in the text - mainly so
> they can be looked-up in URI blocklists. That list is now distributed
> with rule updates instead of as a part of the install.
Can you tell me more about rule updates?
Where are current rules documented?
>>
>> How can I stop the spam from new top level domains?
>> What (new) rules apply to unknown new top level domains?
>>
> I don't think there are any, it's not really SpamAssassin's place to be
> making policy decisions like that.
The problem I’m trying to solve is an avalanche of spam being sent from various “new” top level domains, as enumerated in my original post. What SA rule will remove these?