Blacklist TLD

fauxfrogbelly
Posts: 3
Joined: 27 Mar 2020 15:38

Blacklist TLD

Post by fauxfrogbelly »

I've been attempting to blacklist the .icu TLD, but I've been fairly unsuccessful.

When creating a blacklist entry, I've used .icu as the from entry, and either default or one of my recipient domains (e.g., example.com) as the to entry. In either case, low-scored spam from .icu sails on through. I could lower my spam score again, but I'm trying to avoid catching too much ham. I've also seen a forum posting on how to block/drop .icu mail, but I'd like to record all incoming spam just in case there's eventually a legitimate piece of mail from that TLD.

Am I setting up the blacklist wrong? Any thoughts?
jogomes
Posts: 21
Joined: 12 Oct 2016 15:59

Re: Blacklist TLD

Post by jogomes »

Hello all,
Trying to do the same, so far unsuccessful.

Any thoughts, anyone?

Regards.
JG
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

When I added a TLD I did not put a "." in front of it. Example: I whitelist .gov, so I added "gov" to the whitelist. eFa 4.0
Citabria79
Posts: 24
Joined: 02 Mar 2019 17:04

Re: Blacklist TLD

Post by Citabria79 »

Hi,

I just added a few domains and extensions to the blacklist using the web interface. This icu TLD I added as icu, without star or dot. It appears in the list on the page as icu default, but incoming icu messages are not marked as blacklisted (supposed to be a black line?). I restarted MailScanner, same result.

When does this blacklist go into effect?

Thanks
Citabria79
Posts: 24
Joined: 02 Mar 2019 17:04

Re: Blacklist TLD

Post by Citabria79 »

Hi,

I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:

https://localhost/mailscanner/lists.php
Blacklist:
From:    To:      Action:
icu      default  Delete
qq.com   default  Delete
space    default  Delete
top      default  Delete
xyz      default  Delete

Thank you
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

Yes, you are correct, the blacklist isn't blocking TLDs.
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

Seems we need to make a feature request for this. It also seems someone already fixed this for themselves; I have not tried this to see if it works, so use at your own risk.
https://www.pokorra.de/2019/03/mailwatc ... blacklist/
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

EDIT: Deleted. I thought I had a fix, but looking further at the source it appears TLDs should be supported. So it might just be a small syntax issue. I am working on it, doing some tests.
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

Citabria79 wrote: 05 May 2020 21:38 Hi,

I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:

https://localhost/mailscanner/lists.php
Blacklist:
From:    To:      Action:
icu      default  Delete
qq.com   default  Delete
space    default  Delete
top      default  Delete
xyz      default  Delete

Thank you

I think I figured it out. For some reason MailWatch treats sub-domains (which TLDs fall under) differently from normal domain blocking.
To block a TLD, use the syntax

*.icu

If you receive mail from spam@a.b.com
and you have in your blacklist

b.com

then this spam will not get blocked. The correct syntax would be

*.b.com

BUT if you had

*.a.b.com

then a.b.com would not be blocked.

So needless to say, very confusing the way they did it!
Citabria79
Posts: 24
Joined: 02 Mar 2019 17:04

Re: Blacklist TLD

Post by Citabria79 »

Thank you for all your efforts. If I understand it correctly, I should update my list like this:

From:      To:      Action:
*.icu      default  Delete  => will block all TLD mails from *@whatever.icu.
*.qq.com   default  Delete  => will block all mails from domain *@qq.com, but not *@*.qq.com
*.space    default  Delete  => will block all TLD mails from *@whatever.space.
*.top      default  Delete  => will block all TLD mails from *@whatever.top.
*.xyz      default  Delete  => will block all TLD mails from *@whatever.xyz.

Correct?
smyers119
Posts: 108
Joined: 29 Nov 2019 11:36

Re: Blacklist TLD

Post by smyers119 »

*.qq.com
Will delete every email from *@*.qq.com but will allow every email from *@qq.com.
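
The matching rule described in the posts above, modelled as an added Python example (not part of the thread and not MailWatch's code), with an audit that flags list entries that leave a gap. The function names are hypothetical, and matching `*.b.com` at any subdomain depth is an assumption the thread does not confirm.

```python
# Added example: a model of the matching rule described in this thread.
# It is NOT MailWatch's code; all function names are hypothetical.

def lookup_keys(sender):
    """Keys under which a sender would match a blacklist 'From' entry."""
    sender = sender.strip().lower()
    domain = sender.rsplit("@", 1)[-1]
    labels = domain.split(".")
    keys = {sender, domain}                      # exact address, exact domain
    # "*.<parent>" for every proper parent suffix, down to the bare TLD.
    # Assumption: matching at any depth (x@c.a.b.com matches "*.b.com").
    for i in range(1, len(labels)):
        keys.add("*." + ".".join(labels[i:]))
    return keys

def is_blacklisted(sender, blacklist):
    entries = {e.strip().lower() for e in blacklist}
    return bool(lookup_keys(sender) & entries)

def audit(blacklist):
    """Flag entries that do not do what their author probably intended."""
    entries = {e.strip().lower() for e in blacklist}
    findings = []
    for e in sorted(entries):
        if "@" in e:
            continue                             # full addresses are exact matches
        if e.startswith("*."):
            base = e[2:]
            if "." in base and base not in entries:
                findings.append(f"{e}: mail from @{base} itself is not covered; add {base}")
        elif "." not in e:
            findings.append(f"{e}: bare TLD does not match sender domains; use *.{e}")
        elif "*." + e not in entries:
            findings.append(f"{e}: subdomains of {e} are not covered; add *.{e}")
    return findings

# Constructed sample data: the list from the thread before and after the change.
BEFORE = ["icu", "qq.com", "space", "top", "xyz"]
AFTER = ["*.icu", "*.qq.com", "*.space", "*.top", "*.xyz"]

if __name__ == "__main__":
    for sender in ("promo@shop.icu", "user@qq.com", "user@mail.qq.com"):
        print(sender, is_blacklisted(sender, BEFORE), is_blacklisted(sender, AFTER))
    print("\n".join(audit(AFTER)))
```

Under this model, blocking a whole domain takes both entries, `qq.com` and `*.qq.com`, while a TLD needs only the `*.` form.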