Whitelist toplevel domains
Any emails we get from top level domains such as .xyz or .biz.ua are always spam. Sometimes the spam filter score is high enough to catch them, but otherwise they get through.
I would like to be able to whitelist top level domains such as uk, com, uk.com and .net and set a spam score high enough on all other top level domains to ensure that they go straight to spam or we could have the option to just simply drop the emails! This will depend on whether we actually get any legitimate emails from other top level domains. However every single email we have received from an uncommon top level domain has always been spam.
Thank you
Hello,
Thank you for your suggestion. There are a couple of different ways this can already be done in MDaemon. You can create a SpamAssassin rule to add points to any message that does not come from one of the original 7 TLDs. Another option would be to use host screening to block all of the new TLDs. Here is an example of a SpamAssassin rule that was written by a user and shared with the community.
I added an exclusion for the two letter country code domains as well. You can remove the __MY_DOTCC header line and remove the term from the sum in the meta line to remove it. The country code portion passes any two letter code, even if it is not valid.
Here is the rule you can add to local.cf. Score as you feel appropriate.
# check for the original 7 top-level domains
# see http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains#Original_top-level_domains
header __MY_DOTCOM From =~ /.*@.*\.com>?$/i
header __MY_DOTNET From =~ /.*@.*\.net>?$/i
header __MY_DOTORG From =~ /.*@.*\.org>?$/i
header __MY_DOTEDU From =~ /.*@.*\.edu>?$/i
header __MY_DOTGOV From =~ /.*@.*\.gov>?$/i
header __MY_DOTMIL From =~ /.*@.*\.mil>?$/i
header __MY_DOTINT From =~ /.*@.*\.int>?$/i
header __MY_DOTCC From =~ /.*@.*\...>?$/i
# if no hits on any of the above header rules, score this meta rule for undesired domains
meta MY_FROM_NEWTLD ((__MY_DOTCOM + __MY_DOTNET + __MY_DOTORG + __MY_DOTEDU + __MY_DOTGOV + __MY_DOTMIL + __MY_DOTINT + __MY_DOTCC) < 1)
score MY_FROM_NEWTLD 1.000
describe MY_FROM_NEWTLD Message not from original top-level domain
Thanks,
Arron
-
Anonymous commented
Was looking for just this functionality. However, I cannot get it to work correctly.
This is my local.cf file.....
use_bayes 1
bayes_path C:\MDaemon\SpamAssassin\bayes\bayes
rewrite_header subject
required_score 5.0
normalize_charset 1
auto_whitelist_path C:\MDaemon\SpamAssassin\auto_whitelist\auto_whitelist
auto_whitelist_factor 0.5
auto_whitelist_file_mode 0666
bayes_auto_learn 0
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
bayes_min_ham_num 200
bayes_min_spam_num 200
bayes_auto_expire 1
bayes_expiry_max_db_size 150000
score USER_IN_WHITELIST -100.0
score USER_IN_WHITELIST_TO -100.0
score USER_IN_BLACKLIST 100.0
score MDAEMON_VBR_CERT -3.0
score MDAEMON_DKIM_PASS -0.5
score MDAEMON_SPF_FAIL 15.0
score MDAEMON_SPF_PASS -0.5
report_safe 0
header __MY_DOTCOM From =~ /.@.\.com>?$/i
header __MY_DOTNET From =~ /.@.\.net>?$/i
header __MY_DOTORG From =~ /.@.\.org>?$/i
header __MY_DOTEDU From =~ /.@.\.edu>?$/i
header __MY_DOTGOV From =~ /.@.\.gov>?$/i
header __MY_DOTMIL From =~ /.@.\.mil>?$/i
header __MY_DOTINT From =~ /.@.\.int>?$/i
header __MY_DOTCC From =~ /.@.\…>?$/i
meta MY_FROM_NEWTLD ((__MY_DOTCOM + __MY_DOTNET + __MY_DOTORG + __MY_DOTEDU + __MY_DOTGOV + __MYDOTMIL + __MY_DOTINT + MYDOTCC) < 1)
score MY_FROM_NEWTLD 3.000
describe MY_FROM_NEWTLD Message not from original top-level domain
I am seeing the report on the msg source that follows...
X-Spam-Status: No, score=4.70 required=5.0
X-Spam-Report:
* 1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.4819]
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
* https://www.dnswl.org/, no trust
* [98.137.64.83 listed in list.dnswl.org]
* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [98.137.64.83 listed in wl.mailspike.net]
* 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
* provider (removed[at]yahoo.com)
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 3.0 MY_FROM_NEWTLD Message not from original top-level domain
THANK YOU FOR ANY HELP YOU CAN PROVIDE.
-
Robert commented
Hi Arron,
Thank you for this information. I will try this out. I had actually put in this
score FROM_SUSPICIOUS_NTLD 4.0
in the local.cf file, but I think that your method is better because I explicitly state what top level domains I want to allow, as my rule is dependent on what SpamAssassin allows as top level domains.
I have looked up these rules on the Internet and I am not entirely sure if I have done this correctly. What I have done is this.
header __MY_DOTCOM From =~ /.@.\.com>?$/i
header __MY_DOTNET From =~ /.@.\.net>?$/i
header __MY_DOTORG From =~ /.@.\.org>?$/i
header __MY_DOTUK From =~ /.@.\.uk>?$/i
meta MY_FROM_NEWTLD ((__MY_DOTCOM + __MY_DOTNET + __MY_DOTORG + __MY_DOTUK) < 1)
score MY_FROM_NEWTLD 4.000
describe MY_FROMNEWTLD Message not from original top-level domain
I have removed the .edu .gov .mil .int and the dotcc options because in the UK we don't receive emails from .gov .mil or .int. I don't understand how the Dotcc works. The only two letter country domain I want is .uk so I have just replaced .edu line with .uk
Does the meta line subtract 1 point for top level domains? I am not sure what the <1 does.
Thank you.
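Added example (not part of the thread and not MDaemon or SpamAssassin code): a small Python emulation of how the header sub-rules and the "< 1" test in the meta line combine, run against constructed From headers. It compares the patterns as they appear in the comments above with an assumed restored form that has ".*" on each side of the "@"; the function names and sample addresses are hypothetical, and the 4.0 score is the value used in the last comment.

```python
import re

# Header sub-rules as they appear in the comments above (no wildcards).
AS_POSTED = {
    "__MY_DOTCOM": r".@.\.com>?$",
    "__MY_DOTNET": r".@.\.net>?$",
    "__MY_DOTORG": r".@.\.org>?$",
    "__MY_DOTUK":  r".@.\.uk>?$",
}
# Assumption: the intended form has ".*" on each side of the "@".
RESTORED = {name: pat.replace(".@.", ".*@.*") for name, pat in AS_POSTED.items()}


def evaluate(from_header, subrules):
    """Return (hits, meta_fires) the way the meta line combines sub-rules."""
    # Each "header" sub-rule contributes 1 if its regex matches, else 0.
    hits = {n: int(bool(re.search(p, from_header, re.I)))
            for n, p in subrules.items()}
    # "(sum) < 1" is a true/false test: true only when no sub-rule matched.
    # Nothing is subtracted; the meta rule either fires or it does not.
    meta_fires = sum(hits.values()) < 1
    return hits, meta_fires


def score(from_header, subrules, rule_score=4.0):
    """Points MY_FROM_NEWTLD adds: rule_score if the meta fires, else 0."""
    return rule_score if evaluate(from_header, subrules)[1] else 0.0


# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    "Alice Example <alice@example.com>",
    "bob@example.co.uk",
    "Promo <deals@example.xyz>",
    "x@y.com",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:40} as_posted={score(h, AS_POSTED)} "
              f"restored={score(h, RESTORED)}")
```

Without the wildcards, a sub-rule only matches when exactly one character sits between the "@" and the final dot, so an ordinary .com sender collects the penalty as well.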