[BlueOnyx:22891] Re: ban e-mails from *.icu domains

2019-05-09 Thread Michael Stauber 
Hi Meaulnes,

> lately the Mail Delivery Subsystem gets flooded with e-mails sent to
> none existing addresses, all ending in .icu

Yeah, the GUI doesn't allow to block entire TLD's. It was never thought
to be necessary or a good idea. But that was before the advent of junk
TLD's such as this one. I just looked at the GUI page and it's not easy
to extend that form field, as the regular expression for that checks for
valid domains, so there has to be at least one dot in it. It doesn't
accept wildcards, so *.icu won't work. I can't extend this regular
expression to accept wildcards, as we use it elsewhere in place where we
absolutely cannot accept wildcards.

If we add GUI support for this, then it would need to be a separate form
field like "Block Emails from these TLDs".

But maybe you're looking at it from the wrong end. You say your maillog
is full with these. Are these *.icu emails inbound or outbound emails?

If these are outbound, then this would indicate a problem on your
server. Like a compromised user account use for spamming or an abused
script.


If you want to manually add a block for *.icu, you can do this:

Edit /etc/mail/access and put this line into it:

icu 550 Mail rejected from junk TLD

Between "icu" and "550" aren't 3-4 spaces. That's a single TAB
(tabulator key).

Save the changes and then run this command:

cd /etc/mail
make -C all

That will put that change into effect.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22890] ban e-mails from *.icu domains

2019-05-09 Thread Meaulnes Legler @ MailList 

hello

lately the Mail Delivery Subsystem gets flooded with e-mails sent to none 
existing addresses, all ending in .icu


 - The following addresses had permanent fatal errors -

(reason: 550-5.1.1 The email account that you tried to reach does not 
exist. Please try)


cat /var/log/maillog | grep "\.icu" lists a plethora of domains all ending in 
«.icu»

a good practice I use to ban recurrent e-mail servers sending their junk is to 
add their domain address in the GUI in the list at
Server Management > Email > Advanced > Block Email From Hosts/Domains

this works quite fine since entering for instance «autobiz.com» bans also 
«campaigns-autobiz.com» as also «sales-autobiz.com».

But I can't enter a regular expression like *\.icu or [a-z]\.icu

Any ideas how I can ban all .icu domains?

Thank you and best regards

_⌢_  Meaulnes Legler
'¿') Zurich, Switzerland.
`-´  +41¦0 44 260-1660 fax:-1661


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx