[BlueOnyx:22893] Re: ban e-mails from *.icu domains

Colin Jack colin at mainline.co.uk
Fri May 10 02:51:01 -05 2019


Hi Michael,


> > lately the Mail Delivery Subsystem gets flooded with e-mails sent to
> > non-existing addresses, all ending in .icu
> 
> Yeah, the GUI doesn't allow blocking entire TLDs. It was never thought to be
> necessary or a good idea. But that was before the advent of junk TLDs such as
> this one. I just looked at the GUI page and it's not easy to extend that form
> field, as the regular expression for that checks for valid domains, so there has
> to be at least one dot in it. It doesn't accept wildcards, so *.icu won't work. I
> can't extend this regular expression to accept wildcards, as we use it
> elsewhere in places where we absolutely cannot accept wildcards.
> 
> If we add GUI support for this, then it would need to be a separate form field
> like "Block Emails from these TLDs".
> 
> But maybe you're looking at it from the wrong end. You say your maillog is full
> with these. Are these *.icu emails inbound or outbound emails?
> 
> If these are outbound, then this would indicate a problem on your server. Like a
> compromised user account used for spamming or an abused script.
> 
> 
> If you want to manually add a block for *.icu, you can do this:
> 
> Edit /etc/mail/access and put this line into it:
> 
> icu     550 Mail rejected from junk TLD
> 
> Between "icu" and "550" aren't 3-4 spaces. That's a single TAB (tabulator key).
> 
> Save the changes and then run this command:
> 
> cd /etc/mail
> make all
> 
> That will put that change into effect.
> 

We are seeing a lot of these too ... basically it is incoming spam with *.icu reply domain. They flood the incoming queue and then bounce for example 'user unknown' and try to send an undeliverable to the reply-to address (*.icu).

Regards

Colin
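
Added example, not part of the original thread and not BlueOnyx code: a shell helper that adds the TLD reject entry quoted above to an access file exactly once, writing a real TAB between key and value and keeping a backup. The function name `add_tld_block`, its return codes and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# add_tld_block FILE TLD [VALUE]   (hypothetical helper, not a BlueOnyx tool)
# Returns 0 if the entry was appended, 1 if FILE already has a key for TLD,
# 2 on invalid input.
add_tld_block() {
    file=$1
    tld=$2
    value=${3:-"550 Mail rejected from junk TLD"}

    # Accept only a bare TLD label: no dots, no wildcards such as "*.icu".
    case $tld in
        ''|*[!A-Za-z0-9-]*) echo "invalid TLD: $tld" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # The key is the first whitespace-delimited field; compare case-insensitively
    # so "ICU" and "icu" are treated as the same entry.
    if awk -v k="$tld" 'tolower($1) == tolower(k) { f = 1 } END { exit !f }' "$file"
    then
        return 1
    fi

    cp -p "$file" "$file.bak" || return 2      # backup before editing

    # If the last line has no trailing newline, add one so the new entry
    # does not get glued onto the previous line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\t%s\n' "$tld" "$value" >> "$file"   # \t is the single TAB
}

# Demo on a constructed sample file (not a real /etc/mail/access).
demo=$(mktemp)
printf 'Connect:127.0.0.1\tRELAY\n' > "$demo"
rc=0; add_tld_block "$demo" icu || rc=$?; echo "first run:  $rc"
rc=0; add_tld_block "$demo" icu || rc=$?; echo "second run: $rc"
rm -f "$demo" "$demo.bak"
```

On a real server the function would be pointed at /etc/mail/access, followed by the rebuild step from the quoted message.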
