Thread: how to reject emails from TLD by using *.wildcard in /etc/virtual/blacklist_domains

  1. #1
    Join Date
    Aug 2019
    Posts
    2

    Hi,

    I want to block emails for the TLD: .icu / .website by using a wildcard in /etc/virtual/blacklist_domains.

    It does not work. Does anyone have an idea how to get it working or how to debug it?

    FILES information:

    I put in /etc/virtual/blacklist_domains:
    *.website
    *.icu

    In /etc/exim.conf:
    domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
    BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
    senders = +blacklist_senders
    sender_domains = !+blacklist_domains
    sender_domains = +blacklist_domains

    Server: Linux ns3.sitetreeserver.nl 2.6.32-042stab139.1 #1 SMP Tue Jun 18 12:51:14 MSK 2019 x86_64 x86_64 x86_64 GNU/Linux

    Email (which should be blocked):

    From - Mon Aug 12 13:09:20 2019
    X-Account-Key: account17
    X-UIDL: 000112925568a2c5
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Return-Path: <elena@datefinance.website>
    Delivered-To: peter@3pfotografie.nl
    Received: from ns3.sitetreeserver.nl
    by ns3.sitetreeserver.nl with LMTP
    id fh1hH6pHUV15KgAAPTwCzw
    (envelope-from <elena@datefinance.website>)
    for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 13:04:10 +0200
    Return-path: <elena@datefinance.website>
    Received: from word.datefinance.website ([54.39.84.197])
    by ns3.sitetreeserver.nl with esmtps (TLSv1.2:AECDH-AES256-SHA:256)
    (Exim 4.92)
    (envelope-from <elena@datefinance.website>)
    id 1hx87V-00036Q-G1
    for peter@3pfotografie.nl; Mon, 12 Aug 2019 13:04:10 +0200
    Received: from mail.gumgym.icu (localhost [127.0.0.1])
    by mail.gumgym.icu (Postfix) with ESMTP id 466XzC6SJ3z26nXq
    for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
    Authentication-Results: mail.gumgym.icu (amavisd-new);
    dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
    header.d=gumgym.icu
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gumgym.icu; h=
    list-id:list-unsubscribe:precedence:content-type:content-type
    :mime-version:to:reply-to:from:from:subject:subject:date:date
    :message-id; s=dkim; t=1565607847; x=1568199848; bh=lqAikaLNmD8H
    cPEP9+xigKJJFYmoUrKYZd+2I3ngAQA=; b=a8n65iwxM8S8rqT/pCaMvRAhF2CC
    ZjCQjDhmDMqGun9uEUZxRS27z9KHfwcz4UBKonFL2DOjKV3ibNwoknU4NZSymioG
    //bjzbCyZR3ZgpTVo7FotHLPs5FlmYhSROVDTa8Fbvz9AM8FH7VfgmHCLCn+BXiE
    IC3tWscAKaJRRiE=
    X-Virus-Scanned: amavisd-new at mail.gumgym.icu
    X-Spam-Flag: NO
    X-Spam-Score: 2.66
    X-Spam-Level: **
    X-Spam-Status: No, score=2.66 tagged_above=2 required=6.2
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, HTML_MESSAGE=0.001,
    MAILING_LIST_MULTI=-1, RAZOR2_CF_RANGE_51_100=1.886,
    RAZOR2_CHECK=0.922, URIBL_ABUSE_SURBL=1.25, URIBL_BLOCKED=0.001,
    URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no
    Received: from mail.gumgym.icu ([127.0.0.1])
    by mail.gumgym.icu (mail.gumgym.icu [127.0.0.1]) (amavisd-new, port 10026)
    with ESMTP id L3ZEG_-Dt1Kg for <peter@3pfotografie.nl>;
    Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
    Received: from global.techwrestle.com (ns565857.ip-51-79-17.net [51.79.17.112])
    by mail.gumgym.icu (Postfix) with ESMTPSA id 466XzC18vYz26nY3
    for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
    Message-ID: <1bfd0501534cf5dc7acfb648b7140f39@datefinance.website>
    Date: Mon, 12 Aug 2019 11:04:07 +0000
    Subject: Zonnepanelen zonder investering nu mogelijk
    From: Het Landelijk Energiecollectief <elena@datefinance.website>
    Reply-To: Het Landelijk Energiecollectief <elena@datefinance.website>
    To: "peter@3pfotografie.nl" <peter@3pfotografie.nl>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="_=_swift_v4_1565607847_9cc65c281611e25f358b1746eb76d2d9_=_"
    X-Wgxb-Tracking-Did: 265
    X-Wgxb-Subscriber-Uid: gv3616vkst654
    X-Wgxb-Mailer: SwiftMailer - 5.4.x
    X-Wgxb-EBS: http://tell.offroadsky.info/index.ph.../block-address
    X-Wgxb-Delivery-Sid: 117
    X-Wgxb-Customer-Uid: lc946a1m5b6b7
    X-Wgxb-Customer-Gid: 0
    X-Wgxb-Campaign-Uid: pr5581gz69660
    X-Sender: elena@datefinance.website
    X-Report-Abuse: Please report abuse for this campaign here:
    http://tell.offroadsky.info/index.ph.../gv3616vkst654
    X-Receiver: peter@3pfotografie.nl
    Precedence: bulk
    List-Unsubscribe: <http://tell.offroadsky.info/index.php/lists/ov272cf5y5378/unsubscribe/gv3616vkst654/pr5581gz69660/unsubscribe-direct?source=email-client-unsubscribe-button>,
    <mailto:elena@datefinance.website?subject=Campaign-Uid:pr5581gz69660 /
    Subscriber-Uid:gv3616vkst654 - Unsubscribe request&body=Please unsubscribe
    me!>
    List-Id: ov272cf5y5378 <ALLOPN7>
    Feedback-ID: pr5581gz69660:gv3616vkst654:ov272cf5y5378:lc946a1m5b6b7
    Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 54.39.84.197, -10 Spam score
    SPFCheck: Server passes SPF test, -30 Spam score
    X-DKIM: signer='gumgym.icu' status='pass' reason=''
    DKIMCheck: Server passes DKIM test, -20 Spam score
    X-Spam-Score: 2.1 (++)
    X-Spam-Report: Spam detection software, running on the system "ns3.sitetreeserver.nl",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    the administrator of that system for details.

    Content preview: Zonnepanelen op je dak zonder hoge investering. Hoe werkt
    dat? http://tell.offroadsky.info/index.ph...dadee5aa58e141
    http://tel [...]

    Content analysis details: (2.1 points, 5.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
    blocked. See
    http://wiki.apache.org/spamassassin/...ts#dnsbl-block
    for more information.
    [URIs: gumgym.icu]
    5.0 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
    blocklist
    [URIs: techwrestle.com]
    -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    [score: 0.0000]
    0.0 HTML_MESSAGE BODY: HTML included in message
    -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
    0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
    valid
    -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
    manager
    SpamTally: Final spam score: -39

  2. #2
    Join Date
    Jun 2019
    Posts
    115
    Well... you're not actually doing anything with the list. Although, I also can't be certain if the list is being constructed correctly.

    domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
    BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
    senders = +blacklist_senders
    sender_domains = !+blacklist_domains
    sender_domains = +blacklist_domains


    All this is doing is creating a list of blacklisted domain names or TLDs.

    You need to add something to the acl_smtp_rcpt ACL to act upon this data.

    Maybe

    deny
      sender_domains = +blacklist_domains
      message = ${lc:$sender_address} is blacklisted
      log_message = ${lc:$sender_address} is blacklisted

  3. #3
    Join Date
    Aug 2019
    Posts
    2
    Thanks for mentioning ACL.

    I changed the ACL acl_check_recipient. Now it's working fine.

    Emails are blocked by EXIM:

    Reporting-MTA: dns; smtpq1.tb.mail.iss.as9143.net

    Action: failed
    Final-Recipient: rfc822;peter@sitetree.nl
    Status: 5.0.0
    Remote-MTA: dns; mail.sitetree.nl
    Diagnostic-Code: smtp; 554 denied. 5.7.1 Domain Blocked due to SPAM
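
Added example, not part of any post in this thread: a simplified Python model of how the keys in an nwildlsearch file are matched (a leading `*` means "ends with", a leading `^` is a regular expression, anything else is a literal, all case-insensitive) and of which address `sender_domains` tests, namely the envelope sender (MAIL FROM). In the sample message that is `datefinance.website`; the `.icu` names appear only in Received and DKIM headers, which this condition never sees. The function names and the last two file entries are constructed for illustration.

```python
import re

# First two entries are the ones from the thread's /etc/virtual/blacklist_domains;
# the regex and literal entries are constructed to show the other key forms.
BLACKLIST_FILE = """\
# constructed sample file, one key per line
*.website
*.icu
^mail[0-9]+\\.example\\.test$
blocked.example.test
"""

def parse_keys(text):
    """Return the key of every non-blank, non-comment line."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.append(line.split()[0])
    return keys

def key_matches(key, domain):
    """Simplified wildlsearch key test, case-insensitive."""
    domain = domain.lower()
    if key.startswith("*"):            # "*.website" -> ends with ".website"
        return domain.endswith(key[1:].lower())
    if key.startswith("^"):            # regular-expression key
        return re.search(key, domain, re.IGNORECASE) is not None
    return key.lower() == domain       # literal key

def envelope_domain(mail_from):
    """Domain part of the envelope sender; empty for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_blacklisted(mail_from, keys):
    domain = envelope_domain(mail_from)
    return bool(domain) and any(key_matches(k, domain) for k in keys)

KEYS = parse_keys(BLACKLIST_FILE)

if __name__ == "__main__":
    for sender in ("<elena@datefinance.website>", "<peter@3pfotografie.nl>", "<>"):
        verdict = "deny" if is_blacklisted(sender, KEYS) else "accept"
        print(f"{sender:32} -> {verdict}")
```

Because `*.website` is an "ends with" test on `.website`, it covers every domain under that TLD but would not match a bare `website` key.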
