block top level domain

torment

Verified User
Joined
Jan 10, 2007
Messages
13
Hi,
i want block top level domains like *.date or *.loan , i have added this in blacklist_* , but thats not helped me.
i have try with system_filter.exim this was negative too.

.date
.loan
*.date
*.loan

Please any advise ?
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
454
Location
Arnhem, NL
To block incoming emails from TLD for a specific user go to:

User Level -> SpamAssassin -> E-mail blacklist

Enter one per line:

*@*.loan
*@*.date

This is for specific users, I don't know exactly how to block these system wide.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,580
To block them globally add it to /etc/virtual/blacklist_domains - for example add:

*.date

It works for me.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,686
Location
Maastricht
The way ditto says is indeed the easiest and works fine. Next to that in contrary to exim.pl it won't be overwritten by an update.
I've got those in there too, works fine indeed:
*.date
*.loan
*.website
 

torment

Verified User
Joined
Jan 10, 2007
Messages
13
i have added like this and make this but nothing change :(

/etc/virtual/blacklist_domains
.date
.loan
*.date
*.loan
*@*.loan
*@*.date
 

torment

Verified User
Joined
Jan 10, 2007
Messages
13
off course i have restart exim , what i make :

/etc/virtual/blacklist_domains
.date
.loan
*.date
*.loan
*@*.loan
*@*.date

add this line to exim.pl link

if ($username eq "userwithrudomain") { return 1; }

after 2 days %80 blocked .date spam mails.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,252
Location
GMT +7.00
There is no need to use it at all. It was an example with a fake username:

Code:
if ($username eq "userwithrudomain") { return 1; }

and here
userwithrudomain should be replaced by a real username for which you want to block SMTP.
 

torment

Verified User
Joined
Jan 10, 2007
Messages
13
There is no need to use it at all. It was an example with a fake username:

Code:
if ($username eq "userwithrudomain") { return 1; }

and here
userwithrudomain should be replaced by a real username for which you want to block SMTP.

i have add this line for example, really look like this;

if ($username eq "*.date") { return 1; }
if ($username eq ".date") { return 1; }
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,252
Location
GMT +7.00
Do you really have hosting users on your server with names "*.date" and/or ".date"? Username and domain name are different words, and they have different meanings.

The file /etc/virtual/blacklist_domains is what you need to use, if the things do not work as they should make sure you've got the latest exim.conf 4.5x and the file /etc/virtual/blacklist_domains has the correct permissions:

Code:
[/COLOR]-r--r-----. 1 mail mail 27 Jun 18  2017 /etc/virtual/blacklist_domains

if still emails are not blocked, then you need to check email headers, as they might have different domain in "envelope-from" and "from" headers. Exim tests matches against sender's domain, and sender addresses are easily, and commonly, forged.

Exim on Directadmin servers is configured to use nwildlsearch to find matches in /etc/virtual/blacklist_domains. It means each key in the file may be wildcarded domain. The file should contain domains, not email addresses, i.e. lines without @ should be used.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,252
Location
GMT +7.00
Hello,

To block them globally add it to /etc/virtual/blacklist_domains - for example add:

*.date

It works for me.

I'm not sure what I did wrong this way it did not work for me. Is still working for you under exim.conf 4.5? In my case emails are not blocked if their `from` header contains an address with domain.date

The files


* /etc/virtual/blacklist_domains
* /etc/virtual/blacklist_senders


does not work with masks:


Code:
*@*.date
*.date

in my case.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,686
Location
Maastricht
Well I'm very confused now.

Jeff also wrote in the past that Wildcards wouldn't work.
But in another thread of my I had the same problem and Directadmin Support wrote that I had to use wildcards?
https://forum.directadmin.com/showthread.php?t=55306&p=283397#post283397

I pointed out the answer which Jeff gave and this is what DA support answered to that:
The exim.conf versions have come a long way; they now support wildcards in certain areas. Just check the exim.conf to see if the load of the file in question is nwildsearch or something containing "wild".

I had them for a long time, I thought they were working.
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,580
Without studying the log files, I can't say for sure. But I _think_ wildcard on top level domains (*.date) in /etc/virtual/blacklist_domains still works for me, as I have not seen any spam from the top level domains that I have blocked. I am running exim.conf 4.5.12
 
Last edited:

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,686
Location
Maastricht
I don't want to give the impression that I don't believe people. I can't test it very good myself. It seems to work.

I just want to say that if it does not work, then according to the reply's of DA staff, it must be a bug or something.
 

solokazama

New member
Joined
Feb 9, 2018
Messages
4
Sorry for answering old thread but wanted to block top level domain and wildcards worked:

blocked domain (its a free spam domain): *.ICU


2019-04-22 15:00:59 H=archivist.arkeolojimsi.com (archivist.jansewasociety.icu) [185.149.235.12] F=<jadwigaqdphfddflis@jansewasociety.icu> rejected RCPT <xxx@xxxxxxx>: 554 denied. 5.7.1 Domain Blocked due to SPAM

in:
/etc/virtual/blacklist_domains

added line (it has more lines of course):
*.icu

all seems to work fine

DA version 1.51.3
 

needhelppp

Verified User
Joined
Jul 1, 2020
Messages
74
Would this also work if I need to block a domain name like domain.com, but not the top level like .com?

And is it just me, or does it makes sense having a Feature to block spamming domains/IPs globally with a funcion to enable extra feature that blocks spam globally, when a user blocks it locally?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,686
Location
Maastricht
Yes you can also use this to block domain.com if you want. Because this is a full domain name, sites like otherdomain.com will be allowed to pass.

As for your suggestion, I wouldn't personally like this. I'd rather go with ESF, Blockcracking, spamassassin and RBL's to filter mail.
Because experience with hotmail has learned me that users are not always trustworthy to mark things as spam. I've had lots of users on for example hotmail, which declared "new post" notifications of forums or Wordpress sites and even birthday messages as spam, instead of just disabling their notification settings or ask the owner to remove their account.
So this could result in false positives of spam and maybe also hard to delist if it's indeed legitimate mail.
 
Top