Page 1 of 1

Blacklist TLD

Posted: 27 Mar 2020 15:45
by fauxfrogbelly
I've been attempting to blacklist the .icu TLD, but I've been fairly unsuccessful.

When creating a blacklist entry, I've used .icu as the from entry, and either default or one of my recipient domains (e.g., example.com) as the to entry. In either case, low-scored spam from .icu sails on through. I could lower my spam score again, but I'm trying to avoid catching too much ham. I've also seen a forum posting on how to block/drop .icu mail, but I'd like to record all incoming spam just in case there's eventually a legitimate piece of mail from that TLD.

Am I setting up the blacklist wrong? Any thoughts?

Re: Blacklist TLD

Posted: 29 Mar 2020 07:29
by jogomes
Hello all,
Trying to do the same, so far unsuccessfull.

Any thoughts anyone ??

Regards.
JG

Re: Blacklist TLD

Posted: 13 Apr 2020 00:13
by smyers119
When I added a TLD I did not put a "." in front of it. example: I whitelist .gov so i added "gov" to whitelist. eFa 4.0

Re: Blacklist TLD

Posted: 02 May 2020 15:42
by Citabria79
Hi,

I just added a few domains and extensions to the blacklist using the web interface. This icu TLD I added as icu, without start or dot. It appears in the list on the page as icu default, but incoming icu messages are not marked as blacklisted (supposed to be a black line?). I restarted MailScanner, same result.

When does this blacklist gets in effect?

Thanks

Re: Blacklist TLD

Posted: 05 May 2020 21:38
by Citabria79
Hi,

I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:

https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete

Thank you

Re: Blacklist TLD

Posted: 05 May 2020 22:54
by smyers119
yes you are correct the blacklist isn't blocking TLD's.

Re: Blacklist TLD

Posted: 05 May 2020 23:01
by smyers119
Seems we need to make a feature request for this. Also seems someone already fixed this for themselves, I have not tried this to see if it works so use at your own risk.
https://www.pokorra.de/2019/03/mailwatc ... blacklist/

Re: Blacklist TLD

Posted: 05 May 2020 23:37
by smyers119
EDIT: Deleted, though I thought I had a fix but looking further at source it appears TLD's should be supported. So it might jsut be a small syntax issue. I am working on it, doing some tests

Re: Blacklist TLD

Posted: 06 May 2020 02:20
by smyers119
Citabria79 wrote: 05 May 2020 21:38 Hi,

I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:

https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete

Thank you
I think i figured it out. For some reason mailwatch treats sub-domains (which TLD's fall under) different from normal domain blocking
To block a TLD use syntax

Code: Select all

*.icu
If you receive mail from spam@a.b.com
and you have in your blacklist

Code: Select all

b.com
then this spam will not get bocked. the correct syntax would be

Code: Select all

*.b.com
BUT if you had

Code: Select all

*.a.b.com
then a.b.com would not be blocked.

So needless to say very confusing the way they did it!

Re: Blacklist TLD

Posted: 06 May 2020 09:37
by Citabria79
Thank you for all your efforts. If I understand it correct I should update my list like this:

From: To: Action:
*.icu default Delete => will block all TLD mails from *@whatever.icu.
*.qq.com default Delete => will block all mails from domain *@qq.com, but not *@*.qq.com
*.space default Delete => will block all TLD mails from *@whatever.space.
*.top default Delete => will block all TLD mails from *@whatever.top.
*.xyz default Delete => will block all TLD mails from *@whatever.xyz.

Correct?

Re: Blacklist TLD

Posted: 06 May 2020 10:24
by smyers119
*.qq.com
Will delete every email from *@*.qq.com but will allow every email from *@qq.com.