NethServer Version: 7.6
Module: mail, rspamd
the .top domain spam is getting annoying at hundreds per day, when I try to add .top or *.top to the ‘block from’ an error is thrown that it’s not an email address or host name.
NethServer Version: 7.6
Module: mail, rspamd
the .top domain spam is getting annoying at hundreds per day, when I try to add .top or *.top to the ‘block from’ an error is thrown that it’s not an email address or host name.
Let’s try putting only top (without dots or asterisks)
The input field accepts it but I don’t know if it works
I’ll have to look into this some more, definitely not comfortable with dropping that in on a production mail server, it’s a little too broad.
So as a follow up to this, I have 23,000 dns queries to .gdn domains from the mail server in one week.
It’d be really nice to block or reject these tld’s.
So, there is a domain blacklist… /etc/rspamd/blacklist_from_domains.map
How do we edit that list?
The list takes the entries from “Block from” in mail filter settings.
well, yes… but that list won’t take just a tld or I just haven’t figured out the correct syntax for the field or it populates this list; /etc/rspamd/blacklist_from.map… not the /etc/rspamd/blacklist_from_domains.map
It seems very simple but I didn’t test if it works:
[root@server2 ~]# cat /etc/rspamd/blacklist_from_domains.map
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#
# blacklist domain from
#
com
test.com
@mrmarkuz only com
doesn’t work and it’s what @fasttech needs
But why didn’t use “learning” function of rspamd? You can teach to your mail server by moving emails “spam” to “junk” folder. Otherwise I think the only solution it’s to mark all the domains as SPAM…
@federico.ballarini because;
I don’t need spam learning, rspam already rejects the emails, at the cost of massive dns queries, I was considering that by telling rspamd to block the tld’s .gdn, or .top etc., that would reduce resource usage of rspamd and the network in general since rspam wouldn’t have to lookup and calculate anything, just drop the mails based on the blacklist.
Mmm… ok, sorry: I don’t remember that were too much messages
But on the Internet I can’t found anything about rspamd “domain extensions” block.
@mrmarkuz interesting, I was scared to try just tld, seemed a little to open ended, and I had also tried *.gdn and .gdn, both error’d with not an email or hostname, which led me to believe that a tld wasn’t even an option till I looked in the rspam ui and found the domain blacklist, I just dropped gdn into the list at your suggestion, it took, the error message is misleading, so we’ll see how it goes, thanks for the suggestion.
I tried it now with tld “at” and it doesn’t work.
But we may setup a new filter, I am working on it and report to you if it works.
https://rspamd.com/doc/modules/multimap.html#from-rcpt-and-header-filters
@mrmarkuz you get what I trying for here though right…? to reduce workload… rspamd is rejecting the emails, it’s not about emails getting into the inbox, it’s about getting rspam to reject based on the blacklisted tld without doing all the other work, calculations and dns lookups.
Yes, it’s not about bayes filter, it’s just about rejecting by tld blacklist.
I try to create a new list where you can put the tlds that should be rejected.
Maybe i am asking the dumbest question ever: installation is still on 6.x version? Or it has been updated until 7.6?
We weren’t using rspamd with v6
I am aware of that. So… I think that first post (and tags too) should be updated
lol! This started 2 yrs ago, I guess I can update the first post. @pike
Too funny, I didn’t set those tags… and I can’t edit my own post. shrug
I wikified it, should be possible now.
To block tlds:
Create a custom template:
mkdir -p /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf
Create /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/90tld
with following content:
#
# configure tld list
#
{
if ($rspamd{SpamCheckStatus} eq 'enabled') {
$OUT .= << 'EOF'
FROM_BLACKLIST_TLD {
type = "from";
map = [
"${CONFDIR}/blacklist_from_tld.map",
];
action = "reject";
filter = "top";
symbol = "FROM_BLACKLIST_TLD";
regexp = true;
description = "Refused list of FROM TLD";
}
EOF
}
}
Create /etc/rspamd/blacklist_from_tld.map
with tlds to block like:
[.]com$
[.]at$
[.]de$
Apply changes:
signal-event nethserver-mail-filter-update
Please test and give feedback…