how to reject emails from TLD by using *.wildcard in /etc/virtual/blacklist_domains

sitetree

New member
Joined
Aug 12, 2019
Messages
2
Hi,

I want to block emails for the TLD: .icu / .website by using a wildcard in /etc/virtual/blacklist_domains.

It does not work. Has someone an idea how to get it working/debugged?

FILES information:

I put in /etc/virtual/blacklist_domains:
*.website
*.icu

In /etc/exim.conf:
domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
senders = +blacklist_senders
sender_domains = !+blacklist_domains
sender_domains = +blacklist_domains

Server: Linux ns3.sitetreeserver.nl 2.6.32-042stab139.1 #1 SMP Tue Jun 18 12:51:14 MSK 2019 x86_64 x86_64 x86_64 GNU/Linux

Email (which should be blocked):

From - Mon Aug 12 13:09:20 2019
X-Account-Key: account17
X-UIDL: 000112925568a2c5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <elena@datefinance.website>
Delivered-To: peter@3pfotografie.nl
Received: from ns3.sitetreeserver.nl
by ns3.sitetreeserver.nl with LMTP
id fh1hH6pHUV15KgAAPTwCzw
(envelope-from <elena@datefinance.website>)
for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 13:04:10 +0200
Return-path: <elena@datefinance.website>
Received: from word.datefinance.website ([54.39.84.197])
by ns3.sitetreeserver.nl with esmtps (TLSv1.2:AECDH-AES256-SHA:256)
(Exim 4.92)
(envelope-from <elena@datefinance.website>)
id 1hx87V-00036Q-G1
for peter@3pfotografie.nl; Mon, 12 Aug 2019 13:04:10 +0200
Received: from mail.gumgym.icu (localhost [127.0.0.1])
by mail.gumgym.icu (Postfix) with ESMTP id 466XzC6SJ3z26nXq
for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Authentication-Results: mail.gumgym.icu (amavisd-new);
dkim=pass (1024-bit key) reason="pass (just generated, assumed good)"
header.d=gumgym.icu
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gumgym.icu; h=
list-id:list-unsubscribe:precedence:content-type:content-type
:mime-version:to:reply-to:from:from:subject:subject:date:date
:message-id; s=dkim; t=1565607847; x=1568199848; bh=lqAikaLNmD8H
cPEP9+xigKJJFYmoUrKYZd+2I3ngAQA=; b=a8n65iwxM8S8rqT/pCaMvRAhF2CC
ZjCQjDhmDMqGun9uEUZxRS27z9KHfwcz4UBKonFL2DOjKV3ibNwoknU4NZSymioG
//bjzbCyZR3ZgpTVo7FotHLPs5FlmYhSROVDTa8Fbvz9AM8FH7VfgmHCLCn+BXiE
IC3tWscAKaJRRiE=
X-Virus-Scanned: amavisd-new at mail.gumgym.icu
X-Spam-Flag: NO
X-Spam-Score: 2.66
X-Spam-Level: **
X-Spam-Status: No, score=2.66 tagged_above=2 required=6.2
tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, HTML_MESSAGE=0.001,
MAILING_LIST_MULTI=-1, RAZOR2_CF_RANGE_51_100=1.886,
RAZOR2_CHECK=0.922, URIBL_ABUSE_SURBL=1.25, URIBL_BLOCKED=0.001,
URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no
Received: from mail.gumgym.icu ([127.0.0.1])
by mail.gumgym.icu (mail.gumgym.icu [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id L3ZEG_-Dt1Kg for <peter@3pfotografie.nl>;
Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Received: from global.techwrestle.com (ns565857.ip-51-79-17.net [51.79.17.112])
by mail.gumgym.icu (Postfix) with ESMTPSA id 466XzC18vYz26nY3
for <peter@3pfotografie.nl>; Mon, 12 Aug 2019 07:04:07 -0400 (EDT)
Message-ID: <1bfd0501534cf5dc7acfb648b7140f39@datefinance.website>
Date: Mon, 12 Aug 2019 11:04:07 +0000
Subject: Zonnepanelen zonder investering nu mogelijk
From: Het Landelijk Energiecollectief <elena@datefinance.website>
Reply-To: Het Landelijk Energiecollectief <elena@datefinance.website>
To: "peter@3pfotografie.nl" <peter@3pfotografie.nl>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=_swift_v4_1565607847_9cc65c281611e25f358b1746eb76d2d9_=_"
X-Wgxb-Tracking-Did: 265
X-Wgxb-Subscriber-Uid: gv3616vkst654
X-Wgxb-Mailer: SwiftMailer - 5.4.x
X-Wgxb-EBS: http://tell.offroadsky.info/index.php/lists/block-address
X-Wgxb-Delivery-Sid: 117
X-Wgxb-Customer-Uid: lc946a1m5b6b7
X-Wgxb-Customer-Gid: 0
X-Wgxb-Campaign-Uid: pr5581gz69660
X-Sender: elena@datefinance.website
X-Report-Abuse: Please report abuse for this campaign here:
http://tell.offroadsky.info/index.php/campaigns/pr5581gz69660/report-abuse/ov272cf5y5378/gv3616vkst654
X-Receiver: peter@3pfotografie.nl
Precedence: bulk
List-Unsubscribe: <http://tell.offroadsky.info/index.php/lists/ov272cf5y5378/unsubscribe/gv3616vkst654/pr5581gz69660/unsubscribe-direct?source=email-client-unsubscribe-button>,
<mailto:elena@datefinance.website?subject=Campaign-Uid:pr5581gz69660 /
Subscriber-Uid:gv3616vkst654 - Unsubscribe request&body=Please unsubscribe
me!>
List-Id: ov272cf5y5378 <ALLOPN7>
Feedback-ID: pr5581gz69660:gv3616vkst654:eek:v272cf5y5378:lc946a1m5b6b7
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 54.39.84.197, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-DKIM: signer='gumgym.icu' status='pass' reason=''
DKIMCheck: Server passes DKIM test, -20 Spam score
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "ns3.sitetreeserver.nl",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Zonnepanelen op je dak zonder hoge investering. Hoe werkt
dat? http://tell.offroadsky.info/index.php/campaigns/pr5581gz69660/track-url/gv3616vkst654/7744bf47c858cbd26a3ac29c22dadee5aa58e141
http://tel [...]

Content analysis details: (2.1 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: gumgym.icu]
5.0 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: techwrestle.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
SpamTally: Final spam score: -39
 

sparek

Verified User
Joined
Jun 27, 2019
Messages
118
Well... you're not actually doing anything with the list. Although, I also can't be certain if the list is being constructed correctly.

domainlist blacklist_domains = nwildlsearch;/etc/virtual/blacklist_domains
BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames
senders = +blacklist_senders
sender_domains = !+blacklist_domains
sender_domains = +blacklist_domains


All this is doing is creating a list of blacklisted domain names or TLDs.

You need to add something to the acl_smtp_rcpt ACL to act up on this data

Maybe

deny
sender_domains = +blacklist_domains
message = ${lc:$sender_address} is blacklisted
log_message = ${lc:$sender_address} is blacklisted
 

sitetree

New member
Joined
Aug 12, 2019
Messages
2
Thanks for mentioning ACL.

I changed the ACL acl_check_recipient. Now its working fine.

Emails are blocked by EXIM:

Reporting-MTA: dns; smtpq1.tb.mail.iss.as9143.net

Action: failed
Final-Recipient: rfc822;peter@sitetree.nl
Status: 5.0.0
Remote-MTA: dns; mail.sitetree.nl
Diagnostic-Code: smtp; 554 denied. 5.7.1 Domain Blocked due to SPAM
 
Top