[BlueOnyx:24718] Re: Block By Domain Name Extension

Michael Stauber mstauber at blueonyx.it
Tue Jan 19 11:14:18 -05 2021


Hi David,

> Is it possible to block by Domain Name Extension on a 5210R?
> 
> Allow...
> 
> WHOIS_TLD: Sender's Email-Address has TLD 'COM', which we allow.
> 
> Deny.. by Domain Name TLE?
> 
> eg; *.casa
> 
> Can't seem to find where to configure the domain name extensions.


This is a function in Milter-GeoIP, which is part of the AV-SPAM.

In the GUI under "Server Management" / "Network Services" / "AV-SPAM" in
the "GeoIP"-tab there is the checkbox "WHOIS checks".

When you tick that, it expands and shows two more checkboxes:

- Block fresh WHOIS
- Block national TLDs

The "Block fresh WHOIS" option allows you to block emails from domains
that have been registered (or renewed or changed) within the last seven
days. This doesn't work 100% reliably, as some TLDs have WHOIS outputs in
unexpected formats. But for run of the mill registrars such as GoDaddy
and the other big players it usually works quite well.

The other checkbox "Block national TLDs" is (sort of) what you're
looking for. Say in the GeoIP "Blacklist" further below on that page you
block "CN" (China). Then GeoIP will block all emails from IPs that are
(according to the GeoIP address database) originating from Chinese IPs.

If you tick the checkbox "Block national TLDs", then this would also
block any emails from the Chinese national TLD (like: <user>@<blah>.cn),
even if they were sent from IPs not originating in China.

At this time this only takes the national TLDs into account and
something like *.casa isn't covered. But I could easily add provisions
that allow you to define TLDs that you want to block as well - if you'd
like to have them.

-- 
With best regards

Michael Stauber
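
Added example (not part of the original message and not Milter-GeoIP's own code): a minimal Python model of the sender-TLD decision described above, showing why *.casa passes when only national TLDs are derived from the country blacklist. The function names, the GB-to-.uk mapping table and the extra_tlds list (standing in for the custom TLD list offered above) are assumptions made for illustration.

```python
# Models only the sender-TLD part of the check; the IP-based GeoIP lookup
# is a separate test and is not modelled here.

# ISO 3166 country codes whose national TLD differs from the code itself.
CC_TO_TLD = {"GB": "uk"}


def sender_tld(mail_from):
    """Return the lower-cased TLD of an envelope sender, or None."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return None  # null sender "<>" (bounces) or unparsable input
    domain = addr.rsplit("@", 1)[1].rstrip(".").lower()
    if "." not in domain:
        return None
    return domain.rsplit(".", 1)[1]


def verdict(mail_from, country_blacklist, block_national_tlds, extra_tlds=()):
    """Return "reject" or "accept" for the sender address.

    country_blacklist   -- country codes from the GeoIP blacklist, e.g. ["CN"]
    block_national_tlds -- state of the "Block national TLDs" checkbox
    extra_tlds          -- hypothetical custom list, e.g. ["*.casa"]
    """
    tld = sender_tld(mail_from)
    if tld is None:
        return "accept"  # nothing to compare against
    national = {CC_TO_TLD.get(cc.upper(), cc.lower()) for cc in country_blacklist}
    extra = {t.lower().lstrip("*.") for t in extra_tlds}
    if block_national_tlds and tld in national:
        return "reject"
    if tld in extra:
        return "reject"
    return "accept"


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("<user@blah.cn>", "<user@shop.casa>", "<a@cn.example.com>"):
        print(sender, verdict(sender, ["CN"], True, ["*.casa"]))
```

Only the last label of the sender domain is compared, so a "cn" label further left (cn.example.com) does not match.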


