Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Reindl Harald 



Am 16.07.2016 um 21:48 schrieb Jonathan Nichols:

I’m just blocking them. .top has been nothing but spam. Looking at my logs, 
.top accounts for over 90% of the rejected email nowadays.

But I’m just doing it in Postfix and this has been working fine. Any ones that 
I need to whitelist, I just add to the OK line. The handful of users know about 
this as well, and are ok with it.

# Permit .us and .ca TLDs
/\.us$/ OK  
/\.ca$/ OK
/\.jobs$/   OK  # .jobs is mostly legit


that's pure nonsense because you skip anything below with "OK"
what you want here is DUNNO - means "make no decision at this point"



signature.asc
Description: OpenPGP digital signature

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread jasonsu 


On Sat, Jul 16, 2016, at 12:48 PM, Jonathan Nichols wrote:
> I’m just blocking them. .top has been nothing but spam. Looking at my logs, 
> .top accounts for over 90% of the rejected email nowadays.

you can of course do what you want, but IMO it bears mention for others' 
awareness that

# Block two letter TLDs.
/\.[a-z][a-z]$/ REJECT Spam 

is, in effect

# Block every country's email
/\.[a-z][a-z]$/ REJECT mail from every A2 (ISO) country code

Here's a pretty complete list

http://www.worldatlas.com/aatlas/ctycodes.htm A2 (ISO)

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Jonathan Nichols 
>> 
>> On Wed, Apr 27, 2016 at 5:39 PM, @lbutlr  wrote:
>> On Apr 27, 2016, at 2:06 PM, Olivier Coutu  wrote:
>> > I have affected a hefty penalty in SA to any mail that comes from one of 
>> > these TLDs:
>> >
>> > (party|science|click|link|faith|racing|win|zip|review|country|kim|cricket|work|gq|date|lol|top|download|space|site|online)
>> 
>> Are you doing this with the cooperation of Amavis?
>> 
>> (I’ve had no luck with adding scoring rules to local.cf that amavis 
>> recognizes.)
>> 
>> --
>> Friends help you move. Real friends help you move bodies.
>> 
>> 


I’m just blocking them. .top has been nothing but spam. Looking at my logs, 
.top accounts for over 90% of the rejected email nowadays.

But I’m just doing it in Postfix and this has been working fine. Any ones that 
I need to whitelist, I just add to the OK line. The handful of users know about 
this as well, and are ok with it.

# Permit .us and .ca TLDs
/\.us$/ OK   
/\.ca$/ OK
/\.jobs$/   OK  # .jobs is mostly legit

# Block TLDs of 4 characters or more.
/.[a-z]{4,20}$/ REJECT Spam 

# Block two letter TLDs.
/\.[a-z][a-z]$/ REJECT Spam 

# Block .top
/\.top$/REJECT  # Useless TLD full of spam

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Reindl Harald 



Am 16.07.2016 um 16:43 schrieb Max Watkins aka Maciej Hryckiewicz:

What will be best approach to block it in EXIM ?
Ack rule with lookup in text file ?
How would you prevent legit domain from being blocked for example block
.book but not book.com?


http://www.gossamer-threads.com/lists/exim/users/98599



signature.asc
Description: OpenPGP digital signature

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Antony Stone 
On Saturday 16 July 2016 at 16:43:00, Max Watkins aka Maciej Hryckiewicz 
wrote:

> What will be best approach to block it in EXIM ?
> Ack rule with lookup in text file ?

Good plan.  Here's what I found from a Google search for "exim block domain":

https://www.tekovic.com/exim-acl-for-blocking-certain-senders

> How would you prevent legit domain from being blocked for example block
> .book but not book.com?

Should be obvious from the above guide.


Regards,


Antony.

> > On Apr 28, 2016, at 12:40 AM, Sergio wrote:
> > 
> > This is what I block:
> > (bid|book|click|club|cricket|date|democrat|directory|download|faith|help|
> > link|ninja|party|press|pro|racing|reviews?|rocks|science|site|social|spac
> > e|top|uno|webcam|website|work|win|xyz)
> > 
> > I will add some from what you have posting, thanks.
> > 
> > Sergio
> > 
> >> On Wed, Apr 27, 2016 at 5:39 PM, @lbutlr wrote:
> >> 
> >> On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote:
> >> > I have affected a hefty penalty in SA to any mail that comes from one
> >> > of these TLDs:
> >> > 
> >> > (party|science|click|link|faith|racing|win|zip|review|country|kim|cric
> >> > ket|work|gq|date|lol|top|download|space|site|online)
> >> 
> >> Are you doing this with the cooperation of Amavis?
> >> 
> >> (I’ve had no luck with adding scoring rules to local.cf that amavis
> >> recognizes.)

-- 
"If I've told you once, I've told you a million times - stop exaggerating!"

   Please reply to the list;
 please *don't* CC me.

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Max Watkins aka Maciej Hryckiewicz 
What will be best approach to block it in EXIM ? 
Ack rule with lookup in text file ? 
How would you prevent legit domain from being blocked for example block .book 
but not book.com?

Thanks,
Max 

> On Apr 28, 2016, at 12:40 AM, Sergio  wrote:
> 
> This is what I block:
> (bid|book|click|club|cricket|date|democrat|directory|download|faith|help|link|ninja|party|press|pro|racing|reviews?|rocks|science|site|social|space|top|uno|webcam|website|work|win|xyz)
> 
> 
> I will add some from what you have posting, thanks.
> 
> Sergio
> 
>> On Wed, Apr 27, 2016 at 5:39 PM, @lbutlr  wrote:
>> On Apr 27, 2016, at 2:06 PM, Olivier Coutu  wrote:
>> > I have affected a hefty penalty in SA to any mail that comes from one of 
>> > these TLDs:
>> >
>> > (party|science|click|link|faith|racing|win|zip|review|country|kim|cricket|work|gq|date|lol|top|download|space|site|online)
>> 
>> Are you doing this with the cooperation of Amavis?
>> 
>> (I’ve had no luck with adding scoring rules to local.cf that amavis 
>> recognizes.)
>> 
>> --
>> Friends help you move. Real friends help you move bodies.
>> 
>