On Sat, 13 Jun 2020, RW wrote:
On Fri, 12 Jun 2020 09:22:40 -0400
AJ Weber wrote:
I want to try adding a score for a sender whose address uses a TLD
with > 3 chars.
I realize there are some legit ones, but I'm going to test it with a
low score and see what it catches.
What I did was grep my mail for TLDs seeen in ham and then create a
rule __NORMAL_TLD
I then score a point for:
__HAS_FROM && ! __NORMAL_TLD
This probably wont scale well beyond a few users though.
If I were a bit more energetic I'd autogenerate the rule from cron.
This sounds like a perfect application for a custom DNS-bl lookup/list.
Create a local custom rbldnsd server "dnset" zone from a data file with your
blessed TLDs, then a rule doing a rbl check using the hostname from the From
address with custom scoring.
You can easily update the rbldnsd zone data (just write/update the data file, no
need to restart spamd) and could create a custom scoring value based on the DNS
data (EG 127.0.0.2 for really 'good' TLDs, 127.0.0.4 for 'so-so' and 127.0.0.8
for truely spammy names).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{