[BlueOnyx:23367] Re: ban e-mails from top level domains part two

Thu, 17 Oct 2019 12:57:41 -0700 

Michael, thank you for your reply.

well then I tried a workaround. I listed all sender domains by concatenating 
all Mail Delivery Subsystem e-mails in one file «best.txt» (141 entries since 
two days), extracted 47 domains with

cat best.txt | grep -o "@.*\.best>" | sort -u | sed 's/@//' | sed 's/>//'

and inserted them in the list Server Management > E-mail > Advanced > Block 
Email From Hosts/Domains.

This isn't optimal, I'm sure those guys have more the 47 domain names /in 
petto/ but it will reduce the load a bit...

Best regards

_⌢_  Meaulnes Legler
'¿') Zurich, Switzerland.
`-´  +41¦0 44 260-1660 fax:-1661


On 17.10.19 18:06, Michael Stauber wrote:

Hi Meaulnes,


you told me how to block entire TLD's: edit /etc/mail/access and put
this line into it:

icu     550 Mail rejected from junk TLD (with a TAB between icu and 550)

I did this and inserted also other TLDs.

icu     550 Mail rejected from junk TLD
pro     550 Mail rejected from junk TLD
best    550 Mail rejected from junk TLD
top     550 Mail rejected from junk TLD

That works for .icu, .pro, .top, but not for the four letter *.best*
TLD, e-mails from such domains are still pouring into the Mail Delivery
Subsystem...


Hmmm ... I'm not sure I have an answer to that at the moment, sorry.

Next week I'll be doing an overhaul of the AV-SPAM for 5210R and the new
code will then also be backported to the 5209R AV-SPAM. The Milter-GeoIP
in there will receive some code that I've been running myself for the
last year. That new code allows to block certain TLDs at the MTA level
via the milter.

It also does WHOIS lookups and you can block domains that are freshly
registered or can block domains that have been registered with
registries you don't like.

I once added that because a particularly annoying spammer was using
throw away hosting accounts and was cycling through >200 GoDaddy
registered domains he had lined up for that. Once I had identified this
behavior I could say: "If registered at GoDaddy and the last change is
newer than 7 days: Go away!"




_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

Reply via email to