Add + to the spam score for different domains

[cahbe]

Hello everyone,
I encountered what seems to be a trivial issue. ChatGPT keeps suggesting a rather logical and simple solution, but PMG doesn't have such "activities":

____________________________
Go to the PMG web interface.
Navigate to Mail Filter > Who Objects:
Create a Who object with the type Regexp.
In the regular expression field, add:

^(?!.*\.com\).*$

This expression means: "Does not end with .com".

Next, go to Mail Filter > Custom Rules:
Create a new rule.
In the condition, choose the Who object created (for example, "Non-domains").
In the action, specify adding +2 to the Spam Score.

____________________________
I want to add +2 to the spam score for all emails not sent from "standard" domains (*.com and others).
It's simple – I’m sure that I should not be receiving “legitimate” emails from countries in Asia, Africa, or the North Pole, and I want to add +2 to the spam score for such emails by default.

 

[keeka]

I don't believe it is possible to create such actions (modify spam score) in the PMG mail filter UI.
I think you need to do it in your spamassasin custom config. Copy /var/lib/pmg/templates/local.cf.in to /etc/pmg/templates/ and start making the requisite changes there. IME ChatGPT frequently suggests unworkable solutions to these sort of questions. See "custom rules" in Penalizing weird domains in Spamassassin

 

[cahbe]

I don't believe it is possible to create such actions (modify spam score) in the PMG mail filter UI.
I think you need to do it in your spamassasin custom config. Copy /var/lib/pmg/templates/local.cf.in to /etc/pmg/templates/ and start making the requisite changes there. IME ChatGPT frequently suggests unworkable solutions to these sort of questions. See "custom rules" in Penalizing weird domains in Spamassassin

Good afternoon. At first glance, this seems to be exactly what is needed, but I have one clarification. You mentioned that changes should be made to the file /etc/pmg/templates/local.cf.in (by the way, there is no /templates/ folder).

However, in the link provided, changes are made to the file /etc/mail/spamassassin/local.cf.in

I want to clarify to avoid breaking anything.

Is there already a list of all the standard rules somewhere? Perhaps it would be better to add the new rule there?

 

[keeka]

Sorry I wasn't quite right there.

Spamassassin customisation (that cannot be achieved via the PMG UI/API) should in fact go in /etc/mail/spamassassin/custom.cf.
That file is not part of the PMG template system, so there's no need to override in the way I suggested above.

i.e. 'custom rules' section of that page can be applied via /etc/mail/spamassassin/custom.cf.

/etc/pmg/templates/ may not exist by default. In my case it does. I must have created when I made changes to the postfix config. But it is not needed in this case. /etc/mail/spamassassin/local.cf is where PMG writes config generated via the web UI options.

Apologies for the confusion.

 

[cahbe]

I followed your instructions and added the following rule:

header      LOCAL_FROM_TLD  From =~ /@[a-z0-9\-\.]+\.(?!com$)[a-z]{2,}$/i 
describe    LOCAL_FROM_TLD  Domain does not match trusted TLDs 
score       LOCAL_FROM_TLD  1.0

to the file /etc/mail/spamassassin/custom.cf.

However, in the tracking center logs for email processing, my rule doesn't appear:

noreply@smarttender.biz-
pmg-smtp-filter[61126]: 12257E67485372D539C: SA score=2/5 time=1.415 bayes=0.00 autolearn=no autolearn_force=no hits=BAYES_00(-1.9),DMARC_PASS(-0.1),DOS_BODY_HIGH_NO_MID(3.099),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_INFOUSMEBIZ(0.75),LOTS_OF_MONEY(0.001),MIME_HTML_ONLY(0.1),MISSING_MID(0.497),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),TO_NO_BRKTS_HTML_IMG(0.001)

When testing through the console on the server, the rule exists and works as expected.
echo "From: noreply@smarttender.biz" | spamassassin:

root@pmg:~# echo "From: noreply@smarttender.biz" | spamassassin
Received: from localhost by pmg.UMTRANS
        with SpamAssassin (version 4.0.1);
        Thu, 28 Nov 2024 14:06:08 +0200
From: noreply@smarttender.biz
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on pmg.UMTRANS
X-Spam-Flag: YES
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.0 required=5.0 tests=BAYES_40,EMPTY_MESSAGE,
        KAM_BLANKSUBJECT,KAM_DMARC_STATUS,KAM_INFOUSMEBIZ,LOCAL_FROM_TLD,
        MISSING_DATE,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_RECEIVED,
        NO_RELAYS autolearn=no autolearn_force=no version=4.0.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_67485CB0.E1F086AF"

This is a multi-part message in MIME format.

------------=_67485CB0.E1F086AF
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "pmg.UMTRANS",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:

Content analysis details:   (9.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.5 MISSING_MID            Missing Message-Id: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 1.4 MISSING_DATE           Missing Date: header
 1.8 MISSING_SUBJECT        Missing Subject: header
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts
 0.0 KAM_DMARC_STATUS       Test Rule for DKIM or SPF Failure with Strict
                            Alignment
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.2057]
 0.2 KAM_BLANKSUBJECT       Message has a blank Subject
 1.0 LOCAL_FROM_TLD         Domain does not match trusted TLDs
 1.0 MISSING_HEADERS        Missing To: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 0.8 KAM_INFOUSMEBIZ        Prevalent use of
                            .info|.us|.me|.me.uk|.biz|xyz|id|rocks|life
                            domains in spam/malware



------------=_67485CB0.E1F086AF
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

From: noreply@smarttender.biz

------------=_67485CB0.E1F086AF--

Any thoughts on why it behaves this way?

 

[keeka]

That's promising.
Only thing I can think of is, you are invoking standalone spamassasin directly, whereas PMG mail system may require restart of service(s) for the changed config to get picked up.

 

[cahbe]

That's promising.
Only thing I can think of is, you are invoking standalone spamassasin directly, whereas PMG mail system may require restart of service(s) for the changed config to get picked up.

Of course, I restarted both the service itself and the server entirely.

 

[keeka]

In that case, I do not know.