Well, it was worth a try. :-/
About 12 hours after I put that RE in place, I got another one from a
different domain in '.icu'. It was held for moderation, not
automatically discarded.
I have:
8 email addresses in accept_these_nonmembers
0 email addresses in hold_these_nonmembers
0 email addresses in reject_these_nonmembers
^@.*\.icu$ in discard_these_nonmembers
'Hold' for generic_nonmember_action
'Yes' for forward_auto_discards
but it seemed to make no difference; the UCE was still held for
moderation.
I'm going to try putting "from: .*@.*\.icu" in header_filter_rules and
see if that makes any difference.
Any other ideas?
-Chip-
On 5/30/2019 7:03 PM, Robert Heller wrote:
At Thu, 30 May 2019 11:57:44 -0400 Chip Davis <c...@aresti.com> wrote:
I've supported a dozen Mailman listservers for over a dozen years.
This doesn't represent much real effort most of the time. I've had to
block specific users often and specific domains rarely, but this is
the first time I've had to block an entire TLD.
Recently I've been gifted with an inordinate amount of UCE from many
different domains under the '.icu' TLD.
Since Python RE's are _almost_ the same as the UNIX RE's I used many
years ago, if I put
^@.*\.icu$
in discard_these_nonmembers, will it block all domains in that TLD?
Yes.
And not block anyone else?
Yes.
I've done this, and then I took things a step further:
What *I* have done (because I can), is configure rejection of both domains AND
cidrs at the Postfix level, putting REJECT's in both /etc/postfix/access and
/etc/postfix/cidr.clients. (I use *REJECT* for a reason: I figure if these
idiots are going to make trouble for me, I'll make trouble for them -- eg now
they will will get reject messages. Also when the addresses are from legit
mail servers, the admins there will get a wake up call and presumably do
something -- I have discovered that there is really little point in sending
anything to the [so-called] 'abuse' addresses.)
I've also configured mimedefang and spamassassin to *reject* spam at the
Postfix as well. Very little gets though now.
Thanks,
-Chip Davis-
Mailman 2.1.27 > shared host
linux 2.6.32-696.18.7.el6.x86_64
cPanel 80.0.10
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
