[BlueOnyx:23392] Re: ban e-mails from TLD part three

Meaulnes Legler @ MailList bluelist at waveweb.ch
Thu Oct 24 03:17:57 -05 2019 

dear Michael

I asked you a while ago on how to block entire TLDs from accepting e-mail. You suggested the an entry in /etc/mail/access like, for *.icu domains:

icu	550 Mail rejected from junk TLD (with a TAB between icu and 550)

I first thought it would work only for three letter TLDs, not for domains like *.best or *faith and sent a notice last week.

But actually it *does* work for any TLD regardless of its length — I had a mess in my configurations, sorry.

Just wanted to let you know.

Thank you and best regards

_⌢_  Meaulnes Legler
'¿') Zurich, Switzerland.
`-´  +41¦0 44 260-1660


On 17.10.19 18:06, Michael Stauber wrote:
> Hi Meaulnes,
> 
>> you told me how to block entire TLD's: edit /etc/mail/access and put
>> this line into it:
>>
>> icu     550 Mail rejected from junk TLD (with a TAB between icu and 550)
>>
>> I did this and inserted also other TLDs.
>>
>> icu     550 Mail rejected from junk TLD
>> pro     550 Mail rejected from junk TLD
>> best    550 Mail rejected from junk TLD
>> top     550 Mail rejected from junk TLD
>>
>> That works for .icu, .pro, .top, but not for the four letter *.best*
>> TLD, e-mails from such domains are still pouring into the Mail Delivery
>> Subsystem...
> 
> Hmmm ... I'm not sure I have an answer to that at the moment, sorry.
> 
> Next week I'll be doing an overhaul of the AV-SPAM for 5210R and the new
> code will then also be backported to the 5209R AV-SPAM. The Milter-GeoIP
> in there will receive some code that I've been running myself for the
> last year. That new code allows to block certain TLDs at the MTA level
> via the milter.
> 
> It also does WHOIS lookups and you can block domains that are freshly
> registered or can block domains that have been registered with
> registries you don't like.
> 
> I once added that because a particularly annoying spammer was using
> throw away hosting accounts and was cycling through >200 GoDaddy
> registered domains he had lined up for that. Once I had identified this
> behavior I could say: "If registered at GoDaddy and the last change is
> newer than 7 days: Go away!"
>

More information about the Blueonyx mailing list