On 03/28/2016 05:23 AM, Reindl Harald wrote:
>
>
> On 28.03.2016 at 05:24, Bill Cole wrote:
>> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>>
>>> Has anyone actually gotten a single legit message from that domain?
>>
>> IMHO we're close to the point where it will make sense to make email
>> default-deny and to build standard protocols for senders to be returned
>> to the traditional trust model on a domainwise basis for each receiving
>> system or domain. The authentication methods already exist, there just
>> isn't enough adoption (for some good reasons) and we don't have usable
>> authorization models
>
> what we do is:
>
> * reject every non-existent tld
> * download http://data.iana.org/TLD/tlds-alpha-by-domain.txt daily
> * if new domains arrived allow them as sender/helo in theory
> * BUT blacklist_tld.cf comes after the spf-policyd
> * old gTLD and ccTLD are excluded here
> * some special friends like .top and *.xyz* are in an own sender-access
>   and even in an unconditional helo-reject
>
> -------- Forwarded Message --------
> Subject: Cron <root@mail-gw> update-spamfilter.sh
> Date: Sat, 26 Mar 2016 02:40:03 +0100 (CET)
> From: (Cron Daemon)
> UPDATED: /etc/postfix/blacklist_generic_ptr.cf
> 1145a1146
>> /.*\.ally$/ DUNNO
> 1189a1191
>> /.*\.barefoot$/ DUNNO
> ---------------------------------------------------------------------
> UPDATED: /etc/postfix/blacklist_helo.cf
> 44a45
>> /.*\.ally$/ DUNNO
> 88a90
>> /.*\.barefoot$/ DUNNO
> ---------------------------------------------------------------------
> UPDATED: /etc/postfix/blacklist_tld.cf
> 22a23
>> /.*\.ally$/ REJECT Spam-TLD (SPF Required: .ally - see
> http://en.wikipedia.org/wiki/Sender_Policy_Framework)
> 51a53
>> /.*\.barefoot$/ REJECT Spam-TLD (SPF Required: .barefoot - see
> http://en.wikipedia.org/wiki/Sender_Policy_Framework)
> ---------------------------------------------------------------------
>
> OK: /usr/bin/systemctl reload postfix.service
>
Wow! I almost didn't post this, I figured I'd get yelled at for such a heavy-handed approach. Thanks for letting me know I'm not completely nuts. Well, at least not as regards to this particular subject! :-)

Thomas
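The daily update described in the quoted message, as an added example that is not part of the thread and is not the update-spamfilter.sh script (which the post does not show): it diffs two copies of the IANA TLD list and emits regexp-table lines in the format seen in the cron output. The sample lists, the `LEGACY_GTLDS` set and the rule that two-letter labels are ccTLDs are assumptions.

```python
import re

# Constructed samples (not real IANA data) of tlds-alpha-by-domain.txt:
# a '#' comment header, then one upper-case TLD per line.
OLD_LIST = "# Version 2016032500 (constructed)\nCOM\nDE\nNET\nXYZ\n"
NEW_LIST = ("# Version 2016032600 (constructed)\n"
            "ALLY\nBAREFOOT\nCOM\nDE\nNET\nXYZ\nZZ\nbad/line\n")

# Assumption: "old" TLDs are two-letter ccTLDs plus this fixed gTLD set.
LEGACY_GTLDS = frozenset({"com", "net", "org", "info", "biz",
                          "edu", "gov", "mil", "int"})

REJECT_TEXT = ("REJECT Spam-TLD (SPF Required: .%s - see "
               "http://en.wikipedia.org/wiki/Sender_Policy_Framework)")


def parse_tlds(text):
    """Return the lower-cased TLDs in a list file, ignoring comments and junk."""
    tlds = set()
    for line in text.splitlines():
        label = line.strip().lower()
        # Accept only letter/digit/hyphen labels, so a corrupted download
        # cannot put regex metacharacters into a Postfix table.
        if re.fullmatch(r"[a-z0-9-]{2,63}", label):
            tlds.add(label)
    return tlds


def new_tld_rules(old_text, new_text, legacy=LEGACY_GTLDS):
    """Build regexp-table lines for TLDs present only in the newer list."""
    rules = {"blacklist_helo.cf": [], "blacklist_tld.cf": []}
    for tld in sorted(parse_tlds(new_text) - parse_tlds(old_text)):
        if len(tld) == 2 or tld in legacy:
            continue  # old gTLDs and ccTLDs are excluded
        pattern = r"/.*\.%s$/" % tld
        # HELO table: explicit DUNNO, i.e. allowed "in theory".
        rules["blacklist_helo.cf"].append(pattern + " DUNNO")
        # Sender table: consulted after the SPF policy daemon, per the message.
        rules["blacklist_tld.cf"].append(pattern + " " + REJECT_TEXT % tld)
    return rules


if __name__ == "__main__":
    for table, lines in new_tld_rules(OLD_LIST, NEW_LIST).items():
        print("UPDATED:", table)
        for line in lines:
            print(">", line)
```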