[At-Large] Fwd: [technical-issues] Banning .xyz email from my company's servers

bzs at theworld.com bzs at theworld.com
Fri Mar 18 19:26:53 UTC 2016

Since we've waded into this and you ask questions...

Spamassassin itself will not drop emails, it only marks them as spam
or not based on the required_score value.

You can use other tools such as procmail (with a cooperating MTA such
as postfix/sendmail/exim/etc) to drop, return, send to an alternate
folder, or put in your INBOX based on the result of spamassassin. Or
your own MUA might have facilities to not show it to you or whatever.

I wouldn't worry much about true spammers readjusting based on the
result; a typical professional spammer sends out about one billion
messages per day.

About the only automated hint some suspect is they might note whether
an address returned unknown user or not since anything but unknown
user indicates the email address is valid even if the message was
rejected. So some choose to set up procmail (typically) scripts which
appear to send back unknown user errors hoping that will drop them
from the spammer's database entirely.

I tend to think that's optimistic (THEY DON'T REALLY CARE!) but why
not try?

If one were trying to block a more targeted source and not a true
"blind" spammer, perhaps just an annoying person who pitches slightly
randomized versions of your domain for sale several times per day,
then perhaps those methods would be effective and get one dropped from
their database.

The real tragedy of spam is the human time wasted over it.

On March 17, 2016 at 10:31 ocl at gih.com (Olivier MJ Crepin-Leblond) wrote:
 > Dear Barry,
 > thanks for your follow-up on this. That's a good idea too. I've checked
 > the past messages in the queue and spamassassin scores range from 3.4 to
 > 4.9 (with a trigger score required of 5.2). However, can you get a
 > rejection message sent to the originator of the message? When blocking
 > at Postfix level, the message is not accepted in the system & a bounce
 > is issued. A genuine email originator would get a bounce explaining the
 > bounce and try another method to get in contact. With spamassassin the
 > message would just get dropped, wouldn't it? (apologies, my spamassassin
 > coding is a bit crusty)
 > Kindest regards,
 > Olivier
 > On 17/03/2016 05:32, bzs at theworld.com wrote:
 > > [is this OT, how did this start?]
 > >
 > > I use spamassassin system-wide to increase the spam score of a message
 > > from certain TLDs to near the threshold where it's just rejected.
 > >
 > > So for example in local.cf I add a rule like:
 > >
 > > header DOTTOP_RULE              From =~ /.*\.top/i
 > > describe DOTTOP_RULE            BZS 20160226
 > > score DOTTOP_RULE               2.5
 > >
 > > which means just having a .TOP TLD in the From gives it a base score
 > > of 2.5, so it wouldn't take much more, tripping some other
 > > spamassassin rules, to just get it blocked entirely.
 > >
 > > But it means in theory a very non-spammy msg from that TLD might still
 > > get through.
 > >
 > -- 
 > Olivier MJ Crépin-Leblond, PhD
 > http://www.gih.com/ocl.html

        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
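
An added example, not part of the original message or of SpamAssassin: a small Python check of the `.top` rule pattern quoted above, showing which From headers it hits and how its 2.5 score moves the 3.4 to 4.9 range from the thread against the 5.2 threshold. The anchored pattern, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Rule pattern as posted in the thread, applied to the whole From header.
POSTED = re.compile(r".*\.top", re.I)
# Assumed tightening (not from the thread): anchor to the end of the address.
ANCHORED = re.compile(r"\.top$", re.I)

TLD_SCORE = 2.5   # score given to DOTTOP_RULE in the thread
REQUIRED = 5.2    # trigger score quoted in the thread


def posted_rule_hits(from_header):
    """Unanchored match anywhere in the header, as in the posted rule."""
    return bool(POSTED.search(from_header))


def anchored_rule_hits(from_header):
    """Match only when the sender address itself ends in .top."""
    addr = parseaddr(from_header)[1]
    return bool(ANCHORED.search(addr))


def verdict(base_score, from_header, rule=anchored_rule_hits):
    """Return (total score, flagged?) after applying the TLD rule."""
    total = base_score + (TLD_SCORE if rule(from_header) else 0.0)
    return round(total, 1), total >= REQUIRED


# Constructed From headers (not taken from real mail).
SAMPLES = [
    "Sales <offer@deals.top>",
    '"J. Topham" <j.topham@example.org>',
    "Shop <news@mail.toptools.example>",
    "Ann <ann@example.com>",
]

if __name__ == "__main__":
    for hdr in SAMPLES:
        print(hdr, posted_rule_hits(hdr), anchored_rule_hits(hdr))
    # Base scores 3.4 and 4.9 are the range reported in the thread.
    for base in (3.4, 4.9, 1.0):
        print(base, verdict(base, SAMPLES[0]))
```

The second and third samples trip the unanchored pattern because `.top` appears inside the local part or a longer domain label, which is the kind of collateral hit worth testing for before adding a TLD rule to local.cf.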
