It seems that the new domains are appearing faster than I can keep up. Continual manual updates by every SA admin seems unfeasible.
How does SA solve this problem? > On Oct 13, 2015, at 2:33 AM, Paul Stead <paul.st...@zeninternet.co.uk> wrote: > > On 12/10/15 19:15, Larry Goldman wrote: >> On Oct 2, 2015 6:47:41 am >> RW wrote: >> >>>> On Thu, 1 Oct 2015 18:53:16 -0700 >>>> Larry Goldman wrote: >>>> I?m running SpamAssassin on CPanel shared hosting (GoDaddy). For >>>> several weeks, I?ve been inundated with spam from various new >>>> top-level domains: .date, .win,, .faith, .racing. CPanel has options >>>> for specifiying SpamAssassin rules, but no other configuration files >>>> are readily available for modification. >> Can you tell me more about rule updates? >> Where are current rules documented? > The improvements mentions are for detection of these new TLDs so that > the URIs can be queried against blocklists and rules can be written for them >> The problem I’m trying to solve is an avalanche of spam being sent >> from various “new” top level domains, as enumerated in my original >> post. What SA rule will remove these? > > I have something like the following: > > enlist_uri_host (NEWSPAMMY) date > enlist_uri_host (NEWSPAMMY) win > enlist_uri_host (NEWSPAMMY) faith > enlist_uri_host (NEWSPAMMY) racing > > header PDS_OTHER_BAD_TLD eval:check_uri_host_listed('NEWSPAMMY') > score PDS_OTHER_BAD_TLD 0.1 > describe PDS_OTHER_BAD_TLD Other untrustworthy TLDs > > -- > Paul Stead > Systems Engineer > Zen Internet