Page 1 of 1

spam from odd TLDs - can we assign higher bayes score by TLD

Posted: 10 Jul 2013, 22:01
by silver_2000
We are still getting hammered by spam from .pw .me .us .bix etc Top level domains

When it was just .us and .pw we blocked the entire tld but now that list is growing and we can block them all ..

what Im wondering is can see simply change the bayes scoring to assign any email from those tlds a higher level of scrutiny - or perhaps set it so that any email from *.me starts out with a higher bayes score

just looking for ways to stem the recent increase in spam since the vast majority is from these little known tlds

Re: spam from odd TLDs - can we assign higher bayes score by

Posted: 03 Sep 2013, 01:41
by JasGot
Did you use CSF to block those domains? That is a big load on the IPtables. We found success using the blacklist rules.

Change to your own TLDs that are bothering you.

Put this:

From: /\.pw$/ yes
From: /\.info$/ yes
From: /\.ru$/ yes

Those are tabs, not spaces


in the spam.blacklist.rules

Re: spam from odd TLDs - can we assign higher bayes score by

Posted: 03 Sep 2013, 13:54
by silver_2000
THanks for the reply

Do you know of a way that could be used by Account holders in Cpanel ?

That way Im not blocking from the entire server BUT the Customers/Account holders could choose to block the Spamming TLDs themselves

Re: spam from odd TLDs - can we assign higher bayes score by

Posted: 30 Dec 2013, 22:29
by JDStallings
Sarah,

Can we get a response on this? I would actually like to add additional scores to all emails from certain domains so they score higher but have not been able to find out how to accomplish this.

Will continue to search the forum.... :D

Thanks in advance
Jim

Re: spam from odd TLDs - can we assign higher bayes score by

Posted: 31 Dec 2013, 08:33
by Sarah
Jim,

I don't think bayes is the way to handle this situation. You would probably need to add your own spamassassin rules, which is not really something we can offer help with. There are instructions on writing SA rules here: http://wiki.apache.org/spamassassin/WritingRules

Once you've done that you could also look at using the "SpamAssassin Rule Actions" setting in the MailScanner configuration if you want to take specific actions for emails that hit your new rules.

Regards,
Sarah