I've got 3.4.1 installed and sa-update runs regularly.
Unlike Larry (and others) I DO want to block the vast majority of the new tlds, because we see nothing but spam from them (and my users tend toward the more false-positives than false-negatives side of the spectrum). Rather than maintain a list of all the problematic tlds, I'd rather have a blanket block rule with the ability to whitelist the handful that might be legit. Is anyone doing anything like this (perhaps as a plugin)?

On Tue, 20 Oct 2015, Kevin A. McGrail wrote:
If you have 3.4.1 and use sa-update then we add new tlds to a rule file that is then parsed. This does not block those tlds. It lets the engine recognize the urls for further rules.

If you have a tld that is missed and you are using 3.4.1 with sa-update, let us know.

Regards,
KAM

On October 14, 2015 3:37:58 PM PDT, sha...@shanew.net wrote:

On Tue, 13 Oct 2015, Kevin A. McGrail wrote:

At the end of the day, if you are having problems with new TLDs, ONE solution is to use something that uses SA 3.4.1 and has sa-update configured so you get updates with said new TLDs.

I think maybe people are confused about how exactly this change helps them get rid of all the spam that's coming from the "new" TLDs.

So, in other words, having just updated to 3.4.1, how does one go from having a list of all the new TLDs that can now be nicely maintained with sa-update to getting rules which actually score against the vast majority of the new TLDs (since most of them seem to be 99.99% spam)?

I had created a local rule before moving to 3.4.1 that looks for new TLDs in the Received, From and EnvelopeFrom headers, but it was obvious that this wasn't going to scale well. Did the new system in 3.4.1 make this easier for me to do, or did it just make it possible for new TLDs to be handed off to RBLs and the like (not that that's not a major win)?

Any elaboration (or a pointer to documentation (not the man page)) would be greatly appreciated.
--
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines |              sha...@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
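
The blanket rule asked about in this thread, sketched as an added example (not code from the thread or from SpamAssassin): it flags any TLD outside a legacy set and a local whitelist in the From, Return-Path (standing in for EnvelopeFrom) and Received headers. The TLD sets, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: gTLDs treated as "legacy" here; two-letter ccTLDs are allowed below.
LEGACY_GTLDS = {"com", "net", "org", "edu", "gov", "mil", "int", "arpa",
                "info", "biz", "name", "mobi"}
# Hypothetical local whitelist: the handful of new TLDs considered legitimate.
ALLOWED_NEW_TLDS = {"email", "bank"}
RECEIVED_FROM = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.I)

def tld_of(host):
    """Return the lowercased TLD, or None for bare names and IP literals."""
    host = host.strip().rstrip(".").lower()
    if "." not in host or re.fullmatch(r"[0-9.]+", host):
        return None
    return host.rsplit(".", 1)[1]

def is_blocked_tld(tld):
    """Default-deny: anything not legacy, not a ccTLD, not whitelisted."""
    if tld is None or (len(tld) == 2 and tld.isalpha()):
        return False
    return tld not in LEGACY_GTLDS and tld not in ALLOWED_NEW_TLDS

def new_tld_hits(raw_message):
    """List (header, host) pairs whose host sits under a non-whitelisted TLD."""
    msg = message_from_string(raw_message)
    candidates = []
    for name in ("From", "Return-Path"):
        for value in msg.get_all(name, []):
            addr = parseaddr(value)[1]
            if "@" in addr:
                candidates.append((name, addr.rsplit("@", 1)[1]))
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(value.strip())  # HELO/rDNS name after "from"
        if m:
            candidates.append(("Received", m.group(1)))
    return [(h, host) for h, host in candidates if is_blocked_tld(tld_of(host))]

# Constructed sample message (not real mail).
SAMPLE = (
    "Return-Path: <bounce@mailer.sample-sender.top>\n"
    "Received: from mx1.sample-sender.top (mx1.sample-sender.top [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP; Tue, 20 Oct 2015 10:00:00 -0500\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx1.sample-sender.top; Tue, 20 Oct 2015 09:59:58 -0500\n"
    'From: "Deals" <offers@promo.sample-sender.xyz>\n'
    "To: user@example.org\nSubject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for header, host in new_tld_hits(SAMPLE):
        print(f"{header}: {host}")
```

Because the check is default-deny, a newly delegated TLD is caught without any list update; only the whitelist needs maintenance.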