Posts

SpamAssassin Filter for New TLDs (.xyz .info .ninja etc)

Have you seen an increased spam from new TLDs (top level domains like these)?

.link, .xyz, .info, .ninja

This short tutorial demonstrates how to create a filter to add points for messages that are not from a list of preferred TLDs.

Important: This filter is not for everyone and you should adjust for best results considering your mail traffic and typical senders. You also should be familiar with editing plain text configuration files.1

Lets get started:

The local configuration for SpamAssassin is stored in this directory:

/Library/Server/Mail/Config/spamassassin

Within this directory, you can customize SpamAssassin with configuration files for filters, whitelists, blacklists, score overrides and more. These config files must end in .cf and are processed in alphabetical order. When the same setting is repeated, the last occurrence wins.

Your additions should load last, so we’ll call this new filter: z_tld.cf

Lets think about the goal.

We want to reduce spam, but still accept/deliver legitimate mail from these TLDs.
SpamAssassin runs hundreds of tests, and they all have a subtle effect on the final spam score.
We don’t want to be too heavy handed. For our example: we’re going to add 1.5 points to the final score.

Here’s our filter:

file: /Library/Server/Mail/Config/spamassassin/z_tld.cf

# add points if the From address is not a valid host in a listed TLD
header      LOCAL_FROM_TLD  From   !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i
describe    LOCAL_FROM_TLD         From address is not a valid host in a listed TLD
score       LOCAL_FROM_TLD  1.5

Lets break it down:

header:
This is the meat of the filter. We are searching the From header for mail not !~ matching the regex expression. The regex expression has two parts.

Part 1: /@[a-z0-9\-\.]+\. catches a legit hostname (mail.company) without the TLD (com, org, etc). spammer@spam!domain.com would be caught because ! is not allowed in a hostmame.

Part 2: (com|org|net|mil|edu) is the list of TLDs we do not penalize. Edit this list to include any TLD you typically receive mail from. Note: the filter ends in /i. A spamassassin expression begins with / ends with / and the i means case insensitive.

describe:
Description of the filter

score:
We are adding 1.5 points.
Remember, this is a negative match !~, so we add 1.5 points when the TLD is not com|org|net|mil|edu.

Shortcut

If you decide to implement this ‘as-is’, copy/paste the following in Terminal:

echo '# TLD Filter
# adds points if the From address is not a valid host in a listed TLD
header      LOCAL_FROM_TLD  From   !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i
describe    LOCAL_FROM_TLD         From address is not a valid host in a listed TLD
score       LOCAL_FROM_TLD  1.5' | sudo tee -a /Library/Server/Mail/Config/spamassassin/z_tld.cf

sudo launchctl stop org.amavis.amavisd
Test and Verify Results

Test your mail system, make sure you are able to send/receive.

Watch the amavis log located at /Library/Logs/Mail/amavis.log and you should see hits.

From your mail application, check for the x-spam-status header.

Check if syntax, typos or other errors in this filter have caused any errors:

sudo -u _amavisd -H spamassassin --lint -D 2>&1 | grep LOCAL_FROM_TLD

Reference

http://commons.oreilly.com/wiki/index.php/SpamAssassin/SpamAssassin_Rules

Document Version 1.0, 11.2.2016


  1. If you are unsure about how to edit a configuration file, have a look at our tutorial on how to edit text configuration files on OS X Server 

mailbfr

The latest release of mailbfr is available for download on this page.

See current changelog for a complete list of fixes and additions.
Please read our FAQs as well.

mailbfr assists Mac OS X Server mail service administrators in creating a backup of their active mail settings and stores.

mailbfr will create a backup of all Postfix and Cyrus settings, together with the Postfix Queue, the Cyrus Mailstores and Sieve scripts. The type of backup (full, incremental, rotation) can be selected.

It has an array of additional functions. Among them the possibility to selectively restore settings, single mail stores, single mail users or all mail services.

mailbfr can also assist you in fixing a corrupt cyrus database.

This script is written for Mac OS X 10.3.x, 10.4.x and 10.5.x.

 

Download mailbfr 1.0.7
Get help for mailbfr

 

Is mailbfr compatible with OS X 10.5.x Leopard Server?

Yes, starting with version 0.8.5, mailbfr is compatible with OS X 10.5.x Leopard Server.

mailbfr Changelog

1.0.7 Release – 22.4.2010

-As of this release, mailbfr will fork into a Cyrus and a Dovecot branch
-Changes in update mechanism to accomodate future releases of separate branches

1.0.6 Release – 26.8.2009
-Minor bug fix and clean up
-This is the last release supporting Mac OS X Server 10.3 Panther

1.0.5 Release – 11.08.2009:
-Bug fix to correct start/stop behaviour in 10.3

1.0.4 Release – 27.07.2009:
-Minor bug fix that would prevent restore of mailman configuration files

1.0.3 Release – 3.06.2009:
-Minor bug fix

1.0.2 Release – 21.04.2009:
-Minor bug fix

1.0.1 Release – 20.04.2009:
-Added backup of mailman
-Changes in how mail services are stopped to avoid Server Admin bug
-Only IMAP services are stopped during backup/restore
-Structural changes to accommodate dovecot

0.9.5 Release – 26.08.2008:
-Added some warning strings
-Added option to purge a mailbox’ contents
-Added check to check for spaces in paths
-Removed restoration of settings in transfer mode
-Changed update URL

0.8.5 Release – 26.10.2007:
-Changed version display for 3rd party software
-Leopard compatibility
-New transfer option

0.7.3 Release – 17.4.2007:
-Added a check to see if the backup path/volume exists.

0.7.2 Release – 16.12.2006:
-Cosmetic changes

0.7.1 Release – 15.12.2006:
-Added time stamp to output at beginning and end of backup

0.7.0 Release – 11.12.2006:
-Added backup of custom spamassassin rules
-Added more configuration related error trapping
-Minor cosmetic fixes
-Increased verbosity of error messages
-Changed Postfix queue restore procedure

0.6.9 Release – 7.12.2006:
-Sieve issue on poorly configured systems fixed.

0.6.8 Release – 6.12.2006:
-Disabled copying of Sieve directory because of intermittent not reproducible errors on a handful of systems.

0.6.7 Release – 5.12.2006:
-Modified routine for stopping and starting services. Will not restart services if they were already stopped at runtime.
-Added fix for backing up with broken sieve folders

0.6.6 Release – 28.11.2006 :
-Modified routine for online updates to notify users if an update check is not possible.

0.6.4 Release – 22.11.2006 :
-Added version display for mail system components
-Added display of version number to progress output
-Added some additional error trapping

0.6.3 Release – 21.11.2006 :
-Minor bugfix

0.6.2 Release 17.11.2006:
-Minor bug fix

0.6.1 Release 17.11.2006:
-Added option for restoring single mailbox/user
-Added option for reconstructing single mailbox/user
-Added option for displaying usernames
-Added option for displaying detailed mailbox/user information
-Backup/Restore now includes sieve directory

0.5.1 Release 10.11.2006:
-Added choice for incremental or full backup
-Added simple weekly rotation mechanism
-Removed diagnostics
-mailbfr is now distributed as an installer package

0.4.7 Release:
-Fixed minor Bug for certain 10.3.x configurations

0.4.6 Release:
-Fixed error in man file

0.4.5 Release:
-Added a check for certain 10.3.x configurations

0.4.2 Release:
-Changed reconstruct routine to include partitions

0.4.1 Release:
-Added a diagnostics routine
-Added text to tell user to use 24-hour clock when adding cronjob

0.3.9 Release:
-Added a configuration check for illegal directory settings

0.3.6 Release:
-Changed all copy processes to rsync
-Changed chown to /usr/sbin/chown for cron
-Minor cosmetic fixes

0.3.4 Release:
-Excluded “socket” and “pid” directories from backup
-Added chown/chmod to backup directory
-Check for mail service status before starting on error

0.3.1 Release:
-Streamlined automatic update feature

0.3.0 Release:
-Added automatic update feature
-Cron friendly

0.2.1 Release:
-Fixed problem when backing up partitions

0.2.0 Release:
-First Public Release

You can download the latest release of mailbfr from our downloads page

Where can I find all available options for mailbfr?

Basic instructions are given in the enclosed documentation. All options are listed in the online documentation. To see it, issue "man mailbfr".