Page 1 of 1
Blacklist TLD
Posted: 27 Mar 2020 15:45
by fauxfrogbelly
I've been attempting to blacklist the .icu TLD, but I've been fairly unsuccessful.
When creating a blacklist entry, I've used .icu as the from entry, and either default or one of my recipient domains (e.g., example.com) as the to entry. In either case, low-scored spam from .icu sails on through. I could lower my spam score again, but I'm trying to avoid catching too much ham. I've also seen a forum posting on how to block/drop .icu mail, but I'd like to record all incoming spam just in case there's eventually a legitimate piece of mail from that TLD.
Am I setting up the blacklist wrong? Any thoughts?
Re: Blacklist TLD
Posted: 29 Mar 2020 07:29
by jogomes
Hello all,
Trying to do the same, so far unsuccessfull.
Any thoughts anyone ??
Regards.
JG
Re: Blacklist TLD
Posted: 13 Apr 2020 00:13
by smyers119
When I added a TLD I did not put a "." in front of it. example: I whitelist .gov so i added "gov" to whitelist. eFa 4.0
Re: Blacklist TLD
Posted: 02 May 2020 15:42
by Citabria79
Hi,
I just added a few domains and extensions to the blacklist using the web interface. This icu TLD I added as icu, without start or dot. It appears in the list on the page as icu default, but incoming icu messages are not marked as blacklisted (supposed to be a black line?). I restarted MailScanner, same result.
When does this blacklist gets in effect?
Thanks
Re: Blacklist TLD
Posted: 05 May 2020 21:38
by Citabria79
Hi,
I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:
https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete
Thank you
Re: Blacklist TLD
Posted: 05 May 2020 22:54
by smyers119
yes you are correct the blacklist isn't blocking TLD's.
Re: Blacklist TLD
Posted: 05 May 2020 23:01
by smyers119
Seems we need to make a feature request for this. Also seems someone already fixed this for themselves, I have not tried this to see if it works so use at your own risk.
https://www.pokorra.de/2019/03/mailwatc ... blacklist/
Re: Blacklist TLD
Posted: 05 May 2020 23:37
by smyers119
EDIT: Deleted, though I thought I had a fix but looking further at source it appears TLD's should be supported. So it might jsut be a small syntax issue. I am working on it, doing some tests
Re: Blacklist TLD
Posted: 06 May 2020 02:20
by smyers119
Citabria79 wrote: ↑05 May 2020 21:38
Hi,
I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:
https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete
Thank you
I think i figured it out. For some reason mailwatch treats sub-domains (which TLD's fall under) different from normal domain blocking
To block a TLD use syntax
If you receive mail from
spam@a.b.com
and you have in your blacklist
then this spam will not get bocked. the correct syntax would be
BUT if you had
then a.b.com would not be blocked.
So needless to say very confusing the way they did it!
Re: Blacklist TLD
Posted: 06 May 2020 09:37
by Citabria79
Thank you for all your efforts. If I understand it correct I should update my list like this:
From: To: Action:
*.icu default Delete => will block all TLD mails from *@whatever.icu.
*.qq.com default Delete => will block all mails from domain *@qq.com, but not *@*.qq.com
*.space default Delete => will block all TLD mails from *@whatever.space.
*.top default Delete => will block all TLD mails from *@whatever.top.
*.xyz default Delete => will block all TLD mails from *@whatever.xyz.
Correct?
Re: Blacklist TLD
Posted: 06 May 2020 10:24
by smyers119
*.qq.com
Will delete every email from *@*.qq.com but will allow every email from *@qq.com.