[BlueOnyx:23367] Re: ban e-mails from top level domains part two

Meaulnes Legler @ MailList bluelist at waveweb.ch
Thu Oct 17 14:46:38 -05 2019


Michael, thank you for your reply.

Well, then I tried a workaround. I listed all sender domains by concatenating all Mail Delivery Subsystem e-mails into one file «best.txt» (141 entries in two days), extracted 47 domains with

cat best.txt | grep -o "@.*\.best>" | sort -u | sed 's/@//' | sed 's/>//'

and inserted them in the list Server Management > E-mail > Advanced > Block Email From Hosts/Domains.

This isn't optimal, I'm sure those guys have more than 47 domain names /in petto/, but it will reduce the load a bit...

Best regards

_⌢_  Meaulnes Legler
'¿') Zurich, Switzerland.
`-´  +41¦0 44 260-1660 fax:-1661


On 17.10.19 18:06, Michael Stauber wrote:
> Hi Meaulnes,
> 
>> you told me how to block entire TLDs: edit /etc/mail/access and put
>> this line into it:
>>
>> icu     550 Mail rejected from junk TLD (with a TAB between icu and 550)
>>
>> I did this and inserted also other TLDs.
>>
>> icu     550 Mail rejected from junk TLD
>> pro     550 Mail rejected from junk TLD
>> best    550 Mail rejected from junk TLD
>> top     550 Mail rejected from junk TLD
>>
>> That works for .icu, .pro, .top, but not for the four-letter *.best*
>> TLD; e-mails from such domains are still pouring into the Mail Delivery
>> Subsystem...
> 
> Hmmm ... I'm not sure I have an answer to that at the moment, sorry.
> 
> Next week I'll be doing an overhaul of the AV-SPAM for 5210R and the new
> code will then also be backported to the 5209R AV-SPAM. The Milter-GeoIP
> in there will receive some code that I've been running myself for the
> last year. That new code allows blocking certain TLDs at the MTA level
> via the milter.
> 
> It also does WHOIS lookups and you can block domains that are freshly
> registered or can block domains that have been registered with
> registries you don't like.
> 
> I once added that because a particularly annoying spammer was using
> throwaway hosting accounts and was cycling through >200 GoDaddy
> registered domains he had lined up for that. Once I had identified this
> behavior I could say: "If registered at GoDaddy and the last change is
> newer than 7 days: Go away!"
> 
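
The extraction workaround described above, as an added example that is not part of either message: it pulls the sender domains for one TLD out of concatenated bounce text, matching each address separately so that lines carrying several addresses are handled, and prints them in the TAB-separated layout of the /etc/mail/access lines quoted in the thread. The function names and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses below are constructed.

# Constructed sample of concatenated bounce text; two lines carry several
# addresses, which is where a greedy "@.*\.best>" pattern over-matches.
sample_bounces() {
cat <<'EOF'
Final-Recipient: rfc822; <bounce@Constructed-A.best>
From: <offer@constructed-b.best>, reply to <x@example.com> or <y@constructed-a.best>
Return-Path: <info@example.org> via <news@mail.constructed-c.best>
To: <user@example.net>
EOF
}

# extract_domains FILE TLD
# Print the unique, lower-cased host parts under TLD found in FILE.
extract_domains() {
    file=$1; tld=$2
    # TLD is spliced into a regex, so accept only hostname characters.
    case $tld in
        ''|*[!A-Za-z0-9-]*) echo "invalid TLD: $tld" >&2; return 2 ;;
    esac
    # The bracket class cannot cross '@', '>' or spaces, so every address
    # on a line is matched separately.
    grep -Eio "@[a-z0-9.-]+\.${tld}>" "$file" \
        | tr 'A-Z' 'a-z' \
        | sed -e 's/^@//' -e 's/>$//' \
        | LC_ALL=C sort -u
}

# access_lines FILE TLD
# Same domains in the layout of the /etc/mail/access lines quoted in the
# thread: key, one TAB, then the 550 reply text.
access_lines() {
    extract_domains "$1" "$2" |
        awk '{ printf "%s\t550 Mail rejected from junk TLD\n", $0 }'
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_bounces > "$tmp"
access_lines "$tmp" best
rm -f "$tmp"
```
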




