how to reject emails from TLD by using *.wildcard in /etc/virtual/blacklist_domains

sitetree (New member, joined Aug 12, 2019, messages: 2)

Hi,

I want to block emails for the TLD: .icu / .website by using a wildcard in /etc/virtual/blacklist_domains.

It does not work. Does someone have an idea how to get it working/debugged?

FILES information:

I put in /etc/virtual/blacklist_domains:
*.website
*.icu

In /etc/exim.conf:
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
senders = +blacklist_senders
sender_domains = !+blacklist_domains
sender_domains = +blacklist_domains

Server: Linux ns3.sitetreeserver.nl 2.6.32-042stab139.1 #1 SMP Tue Jun 18 12:51:14 MSK 2019 x86_64 x86_64 x86_64 GNU/Linux

Email (which should be blocked):

From - Mon Aug 12 13:09:20 2019
X-Account-Key: account17
X-UIDL: 000112925568a2c5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from ns3.sitetreeserver.nl
by ns3.sitetreeserver.nl with LMTP
id fh1hH6pHUV15KgAAPTwCzw
(envelope-from <[email protected]>)
for <[email protected]>; Mon, 12 Aug 2019 13:04:10 +0200
Return-path: <[email protected]>
Received: from word.datefinance.website ([54.39.84.197])
by ns3.sitetreeserver.nl with esmtps (TLSv1.2:AECDH-AES256-SHA:256)
(Exim 4.92)
(envelope-from <[email protected]>)
id 1hx87V-00036Q-G1
for [email protected]; Mon, 12 Aug 2019 13:04:10 +0200
Received: from mail.gumgym.icu (localhost [127.0.0.1])
by mail.gumgym.icu (Postfix) with ESMTP id 466XzC6SJ3z26nXq
for <[email protected]>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Authentication-Results: mail.gumgym.icu (amavisd-new);
dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
header.d=gumgym.icu
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gumgym.icu; h=
list-id:list-unsubscribe:precedence:content-type:content-type
:mime-version:to:reply-to:from:from:subject:subject:date:date
:message-id; s=dkim; t=1565607847; x=1568199848; bh=lqAikaLNmD8H
cPEP9+xigKJJFYmoUrKYZd+2I3ngAQA=; b=a8n65iwxM8S8rqT/pCaMvRAhF2CC
ZjCQjDhmDMqGun9uEUZxRS27z9KHfwcz4UBKonFL2DOjKV3ibNwoknU4NZSymioG
//bjzbCyZR3ZgpTVo7FotHLPs5FlmYhSROVDTa8Fbvz9AM8FH7VfgmHCLCn+BXiE
IC3tWscAKaJRRiE=
X-Virus-Scanned: amavisd-new at mail.gumgym.icu
X-Spam-Flag: NO
X-Spam-Score: 2.66
X-Spam-Level: **
X-Spam-Status: No, score=2.66 tagged_above=2 required=6.2
tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, HTML_MESSAGE=0.001,
MAILING_LIST_MULTI=-1, RAZOR2_CF_RANGE_51_100=1.886,
RAZOR2_CHECK=0.922, URIBL_ABUSE_SURBL=1.25, URIBL_BLOCKED=0.001,
URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no
Received: from mail.gumgym.icu ([127.0.0.1])
by mail.gumgym.icu (mail.gumgym.icu [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id L3ZEG_-Dt1Kg for <[email protected]>;
Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Received: from global.techwrestle.com (ns565857.ip-51-79-17.net [51.79.17.112])
by mail.gumgym.icu (Postfix) with ESMTPSA id 466XzC18vYz26nY3
for <[email protected]>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Message-ID: <[email protected]>
Date: Mon, 12 Aug 2019 11:04:07 +0000
Subject: Zonnepanelen zonder investering nu mogelijk
From: Het Landelijk Energiecollectief <[email protected]>
Reply-To: Het Landelijk Energiecollectief <[email protected]>
To: "[email protected]" <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_v4_1565607847_9cc65c281611e25f358b1746eb76d2d9_=_"
X-Wgxb-Tracking-Did: 265
X-Wgxb-Subscriber-Uid: gv3616vkst654
X-Wgxb-Mailer: SwiftMailer - 5.4.x
X-Wgxb-EBS: http://tell.offroadsky.info/index.php/lists/block-address
X-Wgxb-Delivery-Sid: 117
X-Wgxb-Customer-Uid: lc946a1m5b6b7
X-Wgxb-Customer-Gid: 0
X-Wgxb-Campaign-Uid: pr5581gz69660
X-Sender: [email protected]
X-Report-Abuse: Please report abuse for this campaign here:
http://tell.offroadsky.info/index.p...9660/report-abuse/ov272cf5y5378/gv3616vkst654
X-Receiver: [email protected]
Precedence: bulk
List-Unsubscribe: <http://tell.offroadsky.info/index.php/lists/ov272cf5y5378/unsubscribe/gv3616vkst654/pr5581gz69660/unsubscribe-direct?source=email-client-unsubscribe-button>,
<mailto:[email protected]?subject=Campaign-Uid:pr5581gz69660 /
Subscriber-Uid:gv3616vkst654 - Unsubscribe request&body=Please unsubscribe
me!>
List-Id: ov272cf5y5378 <ALLOPN7>
Feedback-ID: pr5581gz69660:gv3616vkst654:ov272cf5y5378:lc946a1m5b6b7
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 54.39.84.197, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-DKIM: signer='gumgym.icu' status='pass' reason=''
DKIMCheck: Server passes DKIM test, -20 Spam score
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "ns3.sitetreeserver.nl",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Zonnepanelen op je dak zonder hoge investering. Hoe werkt
dat? http://tell.offroadsky.info/index.p...t654/7744bf47c858cbd26a3ac29c22dadee5aa58e141
http://tel [...]

Content analysis details: (2.1 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: gumgym.icu]
5.0 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: techwrestle.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
SpamTally: Final spam score: -39
 

sparek (Verified User, joined Jun 27, 2019, messages: 188)

Well... you're not actually doing anything with the list. Although, I also can't be certain if the list is being constructed correctly.

domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
senders = +blacklist_senders
sender_domains = !+blacklist_domains
sender_domains = +blacklist_domains


All this is doing is creating a list of blacklisted domain names or TLDs.

You need to add something to the acl_smtp_rcpt ACL to act upon this data.

Maybe

deny
  sender_domains = +blacklist_domains
  message = ${lc:$sender_address} is blacklisted
  log_message = ${lc:$sender_address} is blacklisted
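
Added example, not part of the original posts and not code from Exim or DirectAdmin: an offline model of how nwildlsearch treats the keys in /etc/virtual/blacklist_domains, to check whether entries such as `*.website` and `*.icu` are constructed correctly. It assumes only literal keys and leading-asterisk ("ends with") keys; the function names and sample file are made up, and the tested host names come from the Received: headers in the first post as stand-ins for the redacted envelope sender domain.

```python
import re

# Constructed sample file: the post's two entries, a comment line, one literal key.
SAMPLE_BLACKLIST = """\
# TLDs to reject
*.website
*.icu
spam.example
"""


def parse_keys(text):
    """Keys of an lsearch-style file: blank lines, # comments and indented
    continuation lines are skipped; a key ends at whitespace or a colon."""
    keys = []
    for line in text.splitlines():
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue
        keys.append(re.split(r"[\s:]", line, maxsplit=1)[0].lower())
    return keys


def matching_key(domain, keys):
    """First matching key or None; literal and leading-asterisk keys only."""
    domain = domain.lower()
    for key in keys:
        if key.startswith("^") or ";" in key:
            raise ValueError(f"key form not modelled here: {key!r}")
        if key.startswith("*"):
            if domain.endswith(key[1:]):
                return key
        elif domain == key:
            return key
    return None


def audit(domains, blacklist_text=SAMPLE_BLACKLIST):
    """Map each domain to the key that would match it (None = not listed)."""
    keys = parse_keys(blacklist_text)
    return {d: matching_key(d, keys) for d in domains}


if __name__ == "__main__":
    # Host names from the Received: headers in the first post, standing in for
    # the envelope sender domain, which is redacted on the page.
    hosts = ["word.datefinance.website", "mail.gumgym.icu",
             "global.techwrestle.com", "website"]
    for domain, key in audit(hosts).items():
        print(f"{domain:26} -> {key or 'not listed'}")
```

A match here only shows that the list would match; Exim rejects nothing until an ACL statement references +blacklist_domains. On the server itself, `exim -bh 54.39.84.197` runs a simulated SMTP session through the real ACLs without delivering anything.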
 

sitetree (New member, joined Aug 12, 2019, messages: 2)

Thanks for mentioning ACL.

I changed the ACL acl_check_recipient. Now it's working fine.

Emails are blocked by EXIM:

Reporting-MTA: dns; smtpq1.tb.mail.iss.as9143.net

Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
Remote-MTA: dns; mail.sitetree.nl
Diagnostic-Code: smtp; 554 denied. 5.7.1 Domain Blocked due to SPAM
 

Richard G (Verified User, joined Jul 6, 2008, messages: 6,747, location: Maastricht)

Use the latest exim.conf and you should be fine with those files. This is a 2-year-old thread.
Edit #35 and edit #39 take care of those files, so if you're using the spamblocker exim.conf 4.5.33 or later (and a couple sooner) they work by default, if indeed (according to the docs) you enable the "Use RBL blocking".
 