Re: Anyone else just blocking the ".top" TLD?

Mon, 28 Mar 2016 18:05:03 -0700 

On 03/28/2016 05:23 AM, Reindl Harald wrote:
> 
> 
> Am 28.03.2016 um 05:24 schrieb Bill Cole:
>> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>>
>>> Has anyone actually gotten a single legit message from that domain?
>>
>> IMHO we're close to the point where it will make sense to make email
>> default-deny and to build standard protocols for senders to be returned
>> to the traditional trust model on a domainwise basis for each receiving
>> system or domain. The authentication methods already exist, there just
>> isn't enough adoption (for some good reasons) and we don't have usable
>> authorization models
> 
> what we do is:
> 
> * reject every non-existent tld
> * download http://data.iana.org/TLD/tlds-alpha-by-domain.txt daily
> * if new domains arrived allow them as sender/helo in theory
> * BUT blacklist_tld.cf comes after the spf-policyd
> * old gTLD and ccTLD are excluded here
> * some speical friends like .top and *.xyz* are in a own sender-access
>   and even in a unconditional helo-reject
> 
> -------- Weitergeleitete Nachricht --------
> Betreff: Cron <root@mail-gw> update-spamfilter.sh
> Datum: Sat, 26 Mar 2016 02:40:03 +0100 (CET)
> Von: (Cron Daemon)
> UPDATED: /etc/postfix/blacklist_generic_ptr.cf
> 1145a1146
>> /.*\.ally$/ DUNNO
> 1189a1191
>> /.*\.barefoot$/ DUNNO
> ---------------------------------------------------------------------
> UPDATED: /etc/postfix/blacklist_helo.cf
> 44a45
>> /.*\.ally$/ DUNNO
> 88a90
>> /.*\.barefoot$/ DUNNO
> ---------------------------------------------------------------------
> UPDATED: /etc/postfix/blacklist_tld.cf
> 22a23
>> /.*\.ally$/ REJECT Spam-TLD (SPF Required: .ally - see
> http://en.wikipedia.org/wiki/Sender_Policy_Framework)
> 51a53
>> /.*\.barefoot$/ REJECT Spam-TLD (SPF Required: .barefoot - see
> http://en.wikipedia.org/wiki/Sender_Policy_Framework)
> ---------------------------------------------------------------------
> 
> OK: /usr/bin/systemctl reload postfix.service
> 

Wow! I almost didn't post this, I figured I'd get yelled at for such a
heavy-handed approach. Thanks for letting me know I'm not completely nuts.

Well, at least not as regards to this particular subject! :-)

Thomas

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to