Sorry, I don’t have an answer to your actual question. I hope you don’t mind if I share what I do instead.
I block them at the SMTP level - the email doesn’t even make it to spamassassin as it doesn’t get accepted in the first place.
Here’s how:
In /etc/postfix/main.cf, I have the following line:
header_checks = regexp:/etc/postfix/header_checks
Place it above your other spam and authenticity checks.
Then, create the file /etc/postfix/header_checks
In it, you can put a bunch of things, but to block a TLD, add the following:
# Some TLD rejections. Kill entire countries.
/^Received: ..gt .$/ REJECT Sorry, too much spam from Guatemala
/^Received: ..tw .$/ REJECT Sorry, too much spam from Taiwan
/^Received: ..kr .$/ REJECT Sorry, too much spam from Korea
/^Received: ..cr .$/ REJECT Sorry, too much spam from Costa Rica
/^Received: ..cn .$/ REJECT Sorry, too much spam from China
/^Received: ..ru .$/ REJECT Sorry, too much spam from RU
/^Received: ..br .$/ REJECT Sorry, too much spam from Brazil
/^Received: ..th .$/ REJECT Sorry, too much spam from Thailand
/^Received: ..tr .$/ REJECT Sorry, too much spam from Turkey
I also like to rub out some known problem ISPs with:
# Kill known spamming ISPs
/^Received: ..dynamic.hinet.net .$/ REJECT Sorry, too much spam from HINET
Save the file and restart postfix.
This isn’t a silver bullet, but I find it helpful.
Edit: Doh, I just reread that you want to kill the *.faith TLD. Sorry, the above might not be that helpful for that case (although it might be for others, so I’ll leave it).
Try this instead/as well.
In /etc/postfix/main.cf, add the following line within the “smtpd_recipient_restrictions” section.
check_sender_access hash:/etc/postfix/sender_access,
You might end up with a code block that looks something like this:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_access,
reject_rbl_client zen.spamhaus.org
Then, create a file named /etc/postfix_sender_access. In it, put what you need, but the following might give you some hints. In case you aren’t aware, don’t start your line with the hash. It means the line should be ignored.
#/etc/postfix/sender_access
Black/Whitelist for senders matching the ‘MAIL FROM’ field.
###############################################################
You must run the following command after making changes here.
postmap /etc/postfix/sender_access
###############################################################
Examples…
#myfriend@example.com OK
#junk@spam.com REJECT
#marketing@ REJECT We don’t want any marketing emails, thanks.
#theboss@ OK
#deals.marketing.com REJECT
#somedomain.com OK
Note the line that says you need to run the command “postmap /etc/postfix/sender_access” every time you make changes to that file.
Again, you should restart postfix after adding this change.