nTLD allowed sender blocked by SA rules

[Steve Ingram]

We have a user with a new TLD domain name that is being blocked by SA for outgoing mail even though they are an allowed domain/sender on the system. I can understand outgoing rules looking for spammy messages in case someone gets a hold of someone's password, but why would just using a nTLD be held against you for outgoing mail. Maybe if we had automatic sign up and free accounts? Is there any way to have this apply only to incoming mail or resolve in some other way? I'm using v6.1.

Matching Rule: Block outgoing Spam

Rule: Block outgoing Spam
Receiver: {obfuscated}@yahoo.com
Action: block message
Action: notify __ADMIN__
Action: notify __SENDER__

Spam detection results: 3
ALL_TRUSTED -1 Passed through trusted hosts only via SMTP
FROM_NTLD_LINKBAIT 1.999 From abused NTLD with little more than a URI
FROM_SUSPICIOUS_NTLD 0.498 From abused NTLD
FROM_SUSPICIOUS_NTLD_FP 1.664 From abused NTLD
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
TVD_SPACE_RATIO 0.001 -

 

[Stoiko Ivanov]

PMG runs in and outbound mail through SpamAssassin (in a rather default configuration) - the default ruleset shipped by PMG consists of the rules provided (and regularly updated by ) SpamAssassin and the KAM rule set.

This has the advantage that if your mail passes the outbound SpamAssassin scan you can be rather confident, that it will also pass spam-protection measures on the receiving side (e.g. when they're also running PMG or some SpamAssassin through other means they would also score your mails with similar points).

You can of course adapt the score for the particular rules that trigger the outbound scanning (FROM_SUSPICIOUS_NTLD FROM_SUSPICIOUS_NTLD_FP) in the gui (see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector) - so that mail does not get blocked - but as said - I would expect quite a number of those mails getting dropped at the recipient

I hope this helps!