On 11/1/2017 2:39 PM, Gary Smith wrote:
We have recently seen a huge uptick in spam from a bunch of different TLD's.
Bayes has been a little whacky with them as well. Our install is 3.3.1 (we're
going to be replacing it soon).
I'm looking to implement a rule that will assign a higher score to specific
TLD's. I tried the rule below based upon the guidelines from
https://wiki.apache.org/spamassassin/WritingRules. Nothing seems to hit it
though.
header HS_BAD_DOMAIN From =~
/^\.(top|study|click|party|link|stream|info|trade|bid|xxx)/i
describe HS_BAD_DOMAIN Contains one of the bad domains that commonly spams
score HS_BAD_DOMAIN 0.1 0.1 0.1 0.1
The problem is the caret (^). That says that the match must START with
a period. For example:
From: .top
What you probably want is to anchor the expression on the other end:
header HS_BAD_DOMAIN From:addr =~
/\.(top|study|click|party|link|stream|info|trade|bid|xxx)$/i
The ':addr:' part makes sure the match only hits on the first email
address in the header to prevent false positives.
Also, you don't need to specify multiple scores unless they are different.
score HS_BAD_DOMAIN 0.1
This works exactly the same and is a bit easier to read.
--
Bowie
