Blacklist TLD
-
- Posts: 3
- Joined: 27 Mar 2020 15:38
Blacklist TLD
I've been attempting to blacklist the .icu TLD, but I've been fairly unsuccessful.
When creating a blacklist entry, I've used .icu as the from entry, and either default or one of my recipient domains (e.g., example.com) as the to entry. In either case, low-scored spam from .icu sails on through. I could lower my spam score again, but I'm trying to avoid catching too much ham. I've also seen a forum posting on how to block/drop .icu mail, but I'd like to record all incoming spam just in case there's eventually a legitimate piece of mail from that TLD.
Am I setting up the blacklist wrong? Any thoughts?
When creating a blacklist entry, I've used .icu as the from entry, and either default or one of my recipient domains (e.g., example.com) as the to entry. In either case, low-scored spam from .icu sails on through. I could lower my spam score again, but I'm trying to avoid catching too much ham. I've also seen a forum posting on how to block/drop .icu mail, but I'd like to record all incoming spam just in case there's eventually a legitimate piece of mail from that TLD.
Am I setting up the blacklist wrong? Any thoughts?
Re: Blacklist TLD
Hello all,
Trying to do the same, so far unsuccessfull.
Any thoughts anyone ??
Regards.
JG
Trying to do the same, so far unsuccessfull.
Any thoughts anyone ??
Regards.
JG
Re: Blacklist TLD
When I added a TLD I did not put a "." in front of it. example: I whitelist .gov so i added "gov" to whitelist. eFa 4.0
-
- Posts: 24
- Joined: 02 Mar 2019 17:04
Re: Blacklist TLD
Hi,
I just added a few domains and extensions to the blacklist using the web interface. This icu TLD I added as icu, without start or dot. It appears in the list on the page as icu default, but incoming icu messages are not marked as blacklisted (supposed to be a black line?). I restarted MailScanner, same result.
When does this blacklist gets in effect?
Thanks
I just added a few domains and extensions to the blacklist using the web interface. This icu TLD I added as icu, without start or dot. It appears in the list on the page as icu default, but incoming icu messages are not marked as blacklisted (supposed to be a black line?). I restarted MailScanner, same result.
When does this blacklist gets in effect?
Thanks
-
- Posts: 24
- Joined: 02 Mar 2019 17:04
Re: Blacklist TLD
Hi,
I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:
https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete
Thank you
I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:
https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete
Thank you
Re: Blacklist TLD
yes you are correct the blacklist isn't blocking TLD's.
Re: Blacklist TLD
Seems we need to make a feature request for this. Also seems someone already fixed this for themselves, I have not tried this to see if it works so use at your own risk.
https://www.pokorra.de/2019/03/mailwatc ... blacklist/
https://www.pokorra.de/2019/03/mailwatc ... blacklist/
Re: Blacklist TLD
EDIT: Deleted, though I thought I had a fix but looking further at source it appears TLD's should be supported. So it might jsut be a small syntax issue. I am working on it, doing some tests
Re: Blacklist TLD
I think i figured it out. For some reason mailwatch treats sub-domains (which TLD's fall under) different from normal domain blockingCitabria79 wrote: ↑05 May 2020 21:38 Hi,
I actually do see mails getting through that are on the blacklist in the webconsole. How do they get in effect? I added icu without dot, like this:
https://localhost/mailscanner/lists.php
Blacklist:
From: To: Action:
icu default Delete
qq.com default Delete
space default Delete
top default Delete
xyz default Delete
Thank you
To block a TLD use syntax
Code: Select all
*.icu
and you have in your blacklist
Code: Select all
b.com
Code: Select all
*.b.com
Code: Select all
*.a.b.com
So needless to say very confusing the way they did it!
-
- Posts: 24
- Joined: 02 Mar 2019 17:04
Re: Blacklist TLD
Thank you for all your efforts. If I understand it correct I should update my list like this:
From: To: Action:
*.icu default Delete => will block all TLD mails from *@whatever.icu.
*.qq.com default Delete => will block all mails from domain *@qq.com, but not *@*.qq.com
*.space default Delete => will block all TLD mails from *@whatever.space.
*.top default Delete => will block all TLD mails from *@whatever.top.
*.xyz default Delete => will block all TLD mails from *@whatever.xyz.
Correct?
From: To: Action:
*.icu default Delete => will block all TLD mails from *@whatever.icu.
*.qq.com default Delete => will block all mails from domain *@qq.com, but not *@*.qq.com
*.space default Delete => will block all TLD mails from *@whatever.space.
*.top default Delete => will block all TLD mails from *@whatever.top.
*.xyz default Delete => will block all TLD mails from *@whatever.xyz.
Correct?
Re: Blacklist TLD
Will delete every email from *@*.qq.com but will allow every email from *@qq.com.*.qq.com