How to block entire TLD inbound or outbound


Postby CCGTECH » Wed Mar 25, 2015 3:56 am

How can I block an entire TLD silently in MC? I'd like to block everything from .work. Thanks.

Postby del » Sat Mar 28, 2015 2:38 pm

you can try config->smtp->reject sender and add *@*.work

Postby aevans » Tue Mar 31, 2015 3:52 pm

del wrote: you can try config->smtp->reject sender and add *@*.work


I can confirm this works, thanks del.

I was using a custom SpamAssassin rule with a score of 5, but this seems to be a better route.

Postby CCGTECH » Wed Apr 01, 2015 6:14 pm

thanks, del.

I've added the following to the reject sender list

*@*.work
*@*.science


What is the proper syntax to reject all email from senders with a specific word in the address field? For example, if I want to reject any sender address with the word BRAINBOOST or DIET. Most of this junk has common words in the sender address.

Postby CCGTECH » Wed Apr 01, 2015 6:19 pm

I noticed on the incoming spool, all this spam has a null value in the from address. Can someone explain the cause of this?
Attachment: spam6.jpg

Postby ics » Thu Apr 16, 2015 10:34 am

Hi CCGTECH,

Did you manage to get the reject sender list working?
For me it works with:
*@*.work
*@*.science
but not with:
*iphone*.us
*smartphone*.us
*android*.us

and I haven't understood why for months now...
Do you have similar entries in your list?

Postby CCGTECH » Tue May 19, 2015 10:37 pm

Hi Ics,

I was hoping the MC crew could elaborate on proper syntax for filtering TLDs and specific words in sender addresses.

I've added the following thus far,

*@*.work
*@*.science
*@*.ninja
*@*.cricket
*@*.website
*@*.elephantoutlook.com
*@*.aibrokers.net
*@*.ezzi.net
*@*.mktomail.com
*@*.marketo.org

Also, I have an extensive list of blocked IP addresses that is working very well with zero false positives. 99% of spam is being blocked now for me.

viewtopic.php?f=3&t=2228

Postby Bookworm » Fri Jun 12, 2015 9:37 pm

If it follows standard regular expression syntax, then you could do something like this.

*diet*@*.*

(it can't be full regular syntax, or '.' would have to be escaped with \ )

However, there's a difference between

*@*.emiles.com
and
*@emiles.com

The first is for all third level domains of emiles.com. The other is for emails _only_ of emiles.com. They don't overlap.
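
The difference between these entries can be checked offline. The sketch below is an added example, not MailCleaner code: it assumes the reject list is evaluated like an Exim address list (the SMTP stage identifies itself as Exim in a header quoted later in this thread), where `*` is a wildcard only at the start of the local part or of the domain and an entry beginning with `^` is a regular expression. The function names, the sample senders and the two regex entries are constructed for illustration.

```python
import re

def _tail(pattern, value):
    # A leading '*' means "ends with the rest"; any later '*' is a literal.
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return value == pattern

def matches(pattern, address):
    """Assumed Exim-style address-list matching, not MailCleaner's documented behaviour."""
    if pattern.startswith("^"):
        # Entries starting with '^' are regular expressions over the whole address.
        return re.search(pattern, address, re.IGNORECASE) is not None
    pattern, address = pattern.lower(), address.lower()
    local, _, domain = address.rpartition("@")
    if "@" not in pattern:
        # No '@' in the entry: it is compared with the domain part only.
        return _tail(pattern, domain)
    p_local, _, p_domain = pattern.rpartition("@")
    return _tail(p_local, local) and _tail(p_domain, domain)

# Constructed sender addresses (emiles.com is the domain used in the post above).
SAMPLES = [
    "promo@mail.example.work",
    "info@emiles.com",
    "info@news.emiles.com",
    "deals@cheap-iphone-deals.example.us",
    "superdiet@example.net",
]

# Entries quoted in this thread, plus two hypothetical regex entries for comparison.
PATTERNS = [
    "*@*.work", "*@*.emiles.com", "*@emiles.com",
    "*iphone*.us", "*diet*@*.*",
    r"^[^@]*@.*iphone.*\.us$", r"^[^@]*diet[^@]*@",
]

def match_table():
    """Map each list entry to the sample senders it would reject in this model."""
    return {p: [a for a in SAMPLES if matches(p, a)] for p in PATTERNS}

if __name__ == "__main__":
    for entry, hits in match_table().items():
        print(f"{entry:28} -> {hits or 'no match'}")
```

Under this assumption `*iphone*.us` and `*diet*@*.*` match none of the samples, because an asterisk that is not in the leading position is compared as a literal character.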

Postby cgrayHappyMac » Thu Nov 17, 2016 2:41 pm

I've been trying to figure this out for weeks now, to no avail.
I'm getting hit with a ton of spam from a variety of domains from the .top TLD.
I'd like to block the whole TLD, but spam continues to be received despite settings which seem to be correct.

E.g.

Code:

Return-Path: <Dr.Al.Sears-MD@hearty.drumxah.top>
...
Received: from fx9p4bsn.hofaz.win ([85.204.49.80] helo=hearty.drumxah.top)
   by mailcleaner.mydomain.com stage1 with esmtp
   (Exim MailCleaner)
   id 1c7BWg-0004uz-3c
   for <me@mydomain.com>
   from <Dr.Al.Sears-MD@hearty.drumxah.top>; Wed, 16 Nov 2016 20:30:07 -0500
...
From: Dr. Al Sears, MD <Dr.Al.Sears-MD@hearty.drumxah.top>


I've been trying to block the whole TLD to no avail.

Configuration -> SMTP -> Connection Control -> Reject these senders addresses:
*@*.top
*.top>
.top
*@*.*.top

Configuration -> Anti-Spam -> Global Settings -> (warn list entries):
*.top
.top

I suspect something wrong with my wildcard syntax. It would be wonderful if this was documented somewhere.
Anyone got an idea?

Postby cglmicro » Sat Nov 19, 2016 9:25 pm

Hi CGRAY.

How about a custom rule in SpamAssassin like:

Code:

uri      LOCAL_BODY_TLDBADREP /http\:\/\/[a-zA-Z0-9\-\.]{0,100}\.(science|stream|download|top|gdn|club)\b/i
describe LOCAL_BODY_TLDBADREP Body contain a domain name extension frequently use in spam
score    LOCAL_BODY_TLDBADREP 2.5


I went ahead and added the current top 5 TLDs with the worst reputation, as Spamhaus reports here: https://www.spamhaus.org/statistics/tlds/. I've added CLUB because I saw so many recently.

This way, it won't get rejected, and your user will be able to whitelist domains with these TLDs that they still want to receive. Also, when it's from an HTTPS site, the rule won't trigger.

EDITED ON 2016-11-25: I've added \b at the end of my rule so it won't find the TLD .CO in a URL like www.test.COm
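
To see what this rule does and does not catch, the check below (an added example, not part of cglmicro's post) runs the posted pattern over constructed URIs, with Python's `re` standing in for SpamAssassin's Perl regex engine. `STRICT` is a hypothetical tightened variant shown only for comparison; it accepts https and requires the listed TLD to be the final label of the host.

```python
import re

TLDS = "science|stream|download|top|gdn|club"

# Pattern from the posted rule; Perl's /i modifier becomes re.IGNORECASE.
POSTED = re.compile(
    r"http\:\/\/[a-zA-Z0-9\-\.]{0,100}\.(" + TLDS + r")\b", re.IGNORECASE)

# Hypothetical stricter variant (not from the thread): accepts https and
# requires the listed TLD to be the last label of the host name.
STRICT = re.compile(
    r"^https?://[a-z0-9.-]*\.(?:" + TLDS + r")(?=[:/?#]|$)", re.IGNORECASE)

# Constructed URIs; hearty.drumxah.top is the host from the headers quoted above.
SAMPLE_URIS = [
    "http://hearty.drumxah.top/offer",
    "https://hearty.drumxah.top/offer",
    "http://www.topology.example/",
    "http://files.top.example.com/a.zip",
    "HTTP://EXAMPLE.CLUB",
]

def classify(uri):
    """Return (posted rule fires, strict variant fires) for one URI."""
    return POSTED.search(uri) is not None, STRICT.search(uri) is not None

def report(uris=SAMPLE_URIS):
    """Classify every sample URI with both patterns."""
    return {u: classify(u) for u in uris}

if __name__ == "__main__":
    for uri, (posted, strict) in report().items():
        print(f"{uri:38} posted={posted!s:5} strict={strict}")
```

The fourth sample shows that `\b` also holds before a dot, so the posted pattern fires on a listed TLD that appears as an inner label of a host under another TLD.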
