[BlueOnyx:23357] Re: ban e-mails from top level domains part two
Michael Stauber
mstauber at blueonyx.it
Thu Oct 17 11:06:34 -05 2019
Hi Meaulnes,
> you told me how to block entire TLD's: edit /etc/mail/access and put
> this line into it:
>
> icu 550 Mail rejected from junk TLD (with a TAB between icu and 550)
>
> I did this and inserted also other TLDs.
>
> icu 550 Mail rejected from junk TLD
> pro 550 Mail rejected from junk TLD
> best 550 Mail rejected from junk TLD
> top 550 Mail rejected from junk TLD
>
> That works for .icu, .pro, .top, but not for the four letter *.best*
> TLD, e-mails from such domains are still pouring into the Mail Delivery
> Subsystem...
Hmmm ... I'm not sure I have an answer to that at the moment, sorry.
Next week I'll be doing an overhaul of the AV-SPAM for 5210R and the new
code will then also be backported to the 5209R AV-SPAM. The Milter-GeoIP
in there will receive some code that I've been running myself for the
last year. That new code allows to block certain TLDs at the MTA level
via the milter.
It also does WHOIS lookups and you can block domains that are freshly
registered or can block domains that have been registered with
registries you don't like.
I once added that because a particularly annoying spammer was using
throw away hosting accounts and was cycling through >200 GoDaddy
registered domains he had lined up for that. Once I had identified this
behavior I could say: "If registered at GoDaddy and the last change is
newer than 7 days: Go away!"
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list