Obvious spam getting through

Tracy Greggs mailscanner-list at okla.com
Fri Dec 16 14:37:30 UTC 2016

I create a file called x-blacklisted-tlds.cf and put it in the same folder
as your local.cf, on Centos in /etc/mail/spamassassin/.  When spamassassin
fires it looks at all cf files there in alphabetical order, so in my case
the x-blacklisted-tlds.cf is read last on purpose.

The contents look like this:

blacklist_from *@*.top
blacklist_from *@*.xzy


Since I use the latest version of MailWatch also, this allows me to
whitelist any that are legit although like Peter says, I haven't had a
single complaint either.  In MW, these will be color coded black just like
they would if you had them in the MW SQL blacklist unless you whitelist the
sender with MW which overrides the SA blacklist_from in your cf file.

Tracy Greggs

-----Original Message-----
From: MailScanner
[mailto:mailscanner-bounces+mailscanner-list=okla.com at lists.mailscanner.info
] On Behalf Of Peter H. Lemieux
Sent: Wednesday, December 14, 2016 4:42 PM
To: MailScanner Discussion
Subject: Re: Obvious spam getting through

If you don't want to reject them outright, bump up their scores in
SpamAssassin with a rule like

header TOP_DOMAIN         /Return-Path.*\.top/
score TOP_DOMAIN          3


On 12/14/2016 05:26 PM, Sterling Chavis wrote:
> Thank you. The ones that are getting through are all .top domains as 
> far as I can see. I'll use this method and see how it goes.
> On 12/14/2016 12:10 PM, Peter Lemieux wrote:
>> I deal with these by refusing mail for most of the new top-level 
>> domains like .top.  I've never seen any legitimate mail from any of 
>> those, nor have I received any complaints about missing messages.  My 
>> current blacklist includes:
>> click
>> date
>> faith
>> party
>> link
>> xyz
>> download
>> top
>> space
>> win
>> stream
>> gdn
>> website
>> bid
>> loan
>> review
>> science
>> I handle this screening via the access database in sendmail, not 
>> through MailScanner.
>> Peter
>> On 12/14/2016 02:03 PM, Sterling Chavis wrote:
>>> The other day I started to get slammed with spam. SpamAssassin was 
>>> doing a very good job before that, and is still catching many. 
>>> Couldthey be spoofing the X-Mailscanner headers to bypass my 
>>> mailscan rules? Here is an example of the ones that are getting 
>>> through:
>>> Return-Path:
>>> <chronic.constipation.remedy at pessimist.rightcontipationscare.top>

MailScanner mailing list
mailscanner at lists.mailscanner.info

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

This email has been checked for viruses by Avast antivirus software.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list