Topic: Email: How to block top-level domain?

[MSmith]

So email trouble continues.  A large portion of what I get purports to come from ".info" domains, and NONE of my legit email does.

How to block an entire top-level domain?  This will become more relevant once .xxx comes online, I think ...

[piran]

So email trouble continues.  A large portion of what I get purports to come from ".info" domains, and NONE of my legit email does. How to block an entire top-level domain?

One simple option would be to do it at the router,
my old Billion does URL blocking in its firewall options.
*.info would be just another entry... if you wanted
a somewhat brutish level of blocking.

[piran]

Take a look at the E-mail WBL contrib.
The last panel in the Black list section.
qmail badmailfrom
If they are honestly from .info this might
do what you appear to want to do. The
contrib always used to say that it was
beta but hasn't misbehaved in my use.
http://wiki.contribs.org/Email_Whitelist-Blacklist_Control

PostEdit: URL

[piran]

You'd have to test whether it takes a *
as I've only ever used the WBL contrib
with specified domains ie without * .

[MSmith]

I should have mentioned that I'm using the "WBL" contrib already, with success.  I don't know what the syntax will be to effectively block ".info" senders but I will experiment.

[Stefano]

MSmith, could you please post the result of

Code: [Select]

config show qpsmtpd

thank you

[MSmith]

qpsmtpd=service
    Bcc=enabled
    BccMode=bcc
    BccUser=maillog
    DNSBL=enabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=enabled
    RequireResolvableFromHost=yes
    SBLList=dsn.rfc-ignorant.org:dnsbl.sorbs.net:rhsbl.sorbs.net:ex.dnsbl.org:multi.surbl.org
    TlsBeforeAuth=1
    access=public
    qplogsumm=disabled
    status=enabled

[janet]

MSmith

From the contrib screen:
"Check envelope sender addresses. Reject any that appear (@host or user@host) in badmailfrom during the 'mail' stage."

So you will probably have to enter each individual domain as they are identified as "spammers" ie
@thisdomain.info
@anotherdomain.info
@domain3.info
etc etc

[CharlieBrady]

This qpsmtpd plugin allows a badmailpatterns file to be used for "wildmat format" sender addresses:

ftp://ftp.canl.nc/Sharewares/Linux/Network/courrier/anti-spam/qpsmtpd/check_badpatterns..txt

[Stefano]

    RBLList=zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    SBLList=dsn.rfc-ignorant.org:dnsbl.sorbs.net:rhsbl.sorbs.net:ex.dnsbl.org:multi.surbl.org

I would work on RBLList and SBLList

Code: [Select]

RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:list.dsbl.org:multihop.dsbl.org:zen.spamhaus.org
SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org

maybe you could add one list at time and see if something changes

[MSmith]

Stefano:  I thought some of those were deprecated, but what the heck, we have lots of bandwidth so I've enabled them all.  We'll see what happens.  I'll also look into the earlytalker issue.  Thanks.