Rule to block domain

[thiagotgc]

I created these two rules to block any domain that has the word top

But unfortunately it is not blocking.

Spoiler: Images

Does anyone have any ideas?

 

[Stoiko Ivanov]

In that Context the regex is already anchored - try dropping the extra '^' and '$'

I hope this helps!

 

[chebedewel]

To block the tld .top you can use this :

(.*)\.top

 

[thiagotgc]

To block the tld .top you can use this :

(.*)\.top

Very good!!

But how could I block when she is between points (.)

abc@top.xyz
or
avc@xyz.top.zyx

I left it that way.

(.*)\@.*top

Is correct?

 

[hata_ph]

Just use this.

(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}\.ae(\W|$)

It will block domain @xxx.ae. Add more to block others.

 

[chebedewel]

And you can try your regex at https://regex101.com

 

[thiagotgc]

Just use this.

(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}\.ae(\W|$)

It will block domain @xxx.ae. Add more to block others.

View attachment 13656

Even with this rule, continuous receipt or regex error does not match.

(.*)\@.*top

It seems to me that this way, it catches correctly.

Do you think I may have problems?

 

[thiagotgc]

I am putting together a lot of blocking rules.

But I'm wondering what is the simplest and most efficient way to block any domain with ".top" termination

(.*)\@.*top
(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}\.top(\W|$)
.+\.top$

 

[hata_ph]

(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}\.top(\W|$) work well for me.
Test your blacklist what object.

 

[Erk]

Nowadays there are over 1,500 TLDs, I would be lucky if 50 of them were the source of legetimate emails we receive, so how do I block 1,500 TLDs I don't wish receive spam from?

In sendmail I just add a single line for each TLD or domain into /etc/mail/access and make a hash db from it.

eg.

live REJECT
top REJECT
com OK

I just want to be able to do that exact same thing in PMG
I know postfix can support an /etc/postfix/access file like that.
Can I do it in PMG or is it disabled?

 

[Stoiko Ivanov]

In sendmail I just add a single line for each TLD or domain into /etc/mail/access and make a hash db from it.

In PMG the matching for domains is limted to that domain (and not to it's subdomains) - to match everything that ends in e.g. '.top' use a regex:

'.*\.top'
(they get anchored while matching in the system so this will match everything that matches '^.*\.top' )

I just want to be able to do that exact same thing in PMG
I know postfix can support an /etc/postfix/access file like that.
Can I do it in PMG or is it disabled?

You can do everything in PMG that you can do with plain postfix - you just need to use the templateing system to adapt the postfix configuration:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine


I hope this helps!

 

[Erk]

...
You can do everything in PMG that you can do with plain postfix - you just need to use the templateing system to adapt the postfix configuration:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine


I hope this helps!

Thanks, that seemed to work.

A recap of the steps involved for anyone interested.

I created the /etc/pmg/templates directory as the docs said to.
Copied /var/lib/pmg/templates/main.cf.in to it
Edited main.cf.in as follows

smtpd_sender_restrictions =
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access       cidr:/etc/postfix/clientaccess
        check_sender_access     hash:/etc/postfix/access
#      check_sender_access     regexp:/etc/postfix/senderaccess

I disabled /etc/postfix/senderaccess which only had one line in it anyway and replaced it with my /etc/postfix/access table which has 1,363 lines in it.
Then I did postmap hash /etc/postfix/access to build the access.db database, (which you have to after each time you alter the access file).
Finally ran pmgconfig sync --restart 1 to make the new main.cf.in template take effect.

So now in /etc/postfix/access I have a bunch of REJECT lines for most of these newer TLDs the spam is coming from.

eg.

aaa            REJECT
aarp        REJECT
abarth        REJECT
abb            REJECT
abbott        REJECT
abbvie        REJECT

etc.

In /var/log/mail.log I see entries that contain Sender address rejected: Access denied instead of Recipient address rejected: Service is unavailable (try later) which was what it was saying previously with just the blacklist regexp working, that suggests it's hitting the access.db first which is good.

If you read the Postfix access(5) man page, it's got a lot of features! http://www.postfix.org/access.5.html