Have you seen an increased spam from new TLDs (top level domains like these)?
.link, .xyz, .info, .ninja
This short tutorial demonstrates how to create a filter to add points for messages that are not from a list of preferred TLDs.
Important: This filter is not for everyone and you should adjust for best results considering your mail traffic and typical senders. You also should be familiar with editing plain text configuration files.1
Lets get started:
The local configuration for SpamAssassin is stored in this directory:
Within this directory, you can customize SpamAssassin with configuration files for filters, whitelists, blacklists, score overrides and more. These config files must end in
.cf and are processed in alphabetical order. When the same setting is repeated, the last occurrence wins.
Your additions should load last, so we’ll call this new filter:
Lets think about the goal.
We want to reduce spam, but still accept/deliver legitimate mail from these TLDs.
SpamAssassin runs hundreds of tests, and they all have a subtle effect on the final spam score.
We don’t want to be too heavy handed. For our example: we’re going to add 1.5 points to the final score.
Here’s our filter:
file: /Library/Server/Mail/Config/spamassassin/z_tld.cf # add points if the From address is not a valid host in a listed TLD header LOCAL_FROM_TLD From !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i describe LOCAL_FROM_TLD From address is not a valid host in a listed TLD score LOCAL_FROM_TLD 1.5
Lets break it down:
This is the meat of the filter. We are searching the
From header for mail not
!~ matching the regex expression. The regex expression has two parts.
/@[a-z0-9\-\.]+\. catches a legit hostname (mail.company) without the TLD (com, org, etc). spammer@spam!domain.com would be caught because ! is not allowed in a hostmame.
(com|org|net|mil|edu) is the list of TLDs we do not penalize. Edit this list to include any TLD you typically receive mail from. Note: the filter ends in
/i. A spamassassin expression begins with
/ ends with
/ and the
i means case insensitive.
Description of the filter
We are adding 1.5 points.
Remember, this is a negative match
!~, so we add 1.5 points when the TLD is not com|org|net|mil|edu.
If you decide to implement this ‘as-is’, copy/paste the following in Terminal:
echo '# TLD Filter # adds points if the From address is not a valid host in a listed TLD header LOCAL_FROM_TLD From !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i describe LOCAL_FROM_TLD From address is not a valid host in a listed TLD score LOCAL_FROM_TLD 1.5' | sudo tee -a /Library/Server/Mail/Config/spamassassin/z_tld.cf sudo launchctl stop org.amavis.amavisd
Test and Verify Results
Test your mail system, make sure you are able to send/receive.
Watch the amavis log located at
/Library/Logs/Mail/amavis.log and you should see hits.
From your mail application, check for the x-spam-status header.
Check if syntax, typos or other errors in this filter have caused any errors:
sudo -u _amavisd -H spamassassin --lint -D 2>&1 | grep LOCAL_FROM_TLD
Document Version 1.0, 11.2.2016
- If you are unsure about how to edit a configuration file, have a look at our tutorial on how to edit text configuration files on OS X Server ↩