Blocking email at the tld

NethServer Version: 7.6
Module: mail, rspamd

the .top domain spam is getting annoying at hundreds per day, when I try to add .top or *.top to the ‘block from’ an error is thrown that it’s not an email address or host name.

Let’s try putting only top (without dots or asterisks)
The input field accepts it but I don’t know if it works

1 Like

I’ll have to look into this some more, definitely not comfortable with dropping that in on a production mail server, it’s a little too broad.

So as a follow up to this, I have 23,000 dns queries to .gdn domains from the mail server in one week.

It’d be really nice to block or reject these tld’s.

So, there is a domain blacklist… /etc/rspamd/blacklist_from_domains.map

How do we edit that list?

The list takes the entries from “Block from” in mail filter settings.

well, yes… but that list won’t take just a tld or I just haven’t figured out the correct syntax for the field or it populates this list; /etc/rspamd/blacklist_from.map… not the /etc/rspamd/blacklist_from_domains.map

It seems very simple but I didn’t test if it works:

grafik

[root@server2 ~]# cat /etc/rspamd/blacklist_from_domains.map
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#

#
# blacklist domain from
#

com
test.com

@mrmarkuz only com doesn’t work and it’s what @fasttech needs

But why didn’t use “learning” function of rspamd? You can teach to your mail server by moving emails “spam” to “junk” folder. Otherwise I think the only solution it’s to mark all the domains as SPAM…

@federico.ballarini because;

I don’t need spam learning, rspam already rejects the emails, at the cost of massive dns queries, I was considering that by telling rspamd to block the tld’s .gdn, or .top etc., that would reduce resource usage of rspamd and the network in general since rspam wouldn’t have to lookup and calculate anything, just drop the mails based on the blacklist.

1 Like

Mmm… ok, sorry: I don’t remember that were too much messages :sweat_smile:
But on the Internet I can’t found anything about rspamd “domain extensions” block.

@mrmarkuz interesting, I was scared to try just tld, seemed a little to open ended, and I had also tried *.gdn and .gdn, both error’d with not an email or hostname, which led me to believe that a tld wasn’t even an option till I looked in the rspam ui and found the domain blacklist, I just dropped gdn into the list at your suggestion, it took, the error message is misleading, so we’ll see how it goes, thanks for the suggestion.

I tried it now with tld “at” and it doesn’t work.

But we may setup a new filter, I am working on it and report to you if it works.

https://rspamd.com/doc/modules/multimap.html#from-rcpt-and-header-filters

@mrmarkuz you get what I trying for here though right…? to reduce workload… rspamd is rejecting the emails, it’s not about emails getting into the inbox, it’s about getting rspam to reject based on the blacklisted tld without doing all the other work, calculations and dns lookups.

Yes, it’s not about bayes filter, it’s just about rejecting by tld blacklist.
I try to create a new list where you can put the tlds that should be rejected.

2 Likes

Maybe i am asking the dumbest question ever: installation is still on 6.x version? Or it has been updated until 7.6?

We weren’t using rspamd with v6

I am aware of that. So… I think that first post (and tags too) should be updated :slight_smile:

lol! This started 2 yrs ago, I guess I can update the first post. @pike

Too funny, I didn’t set those tags… and I can’t edit my own post. shrug

I wikified it, should be possible now.

To block tlds:

Create a custom template:

mkdir -p /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf

Create /etc/e-smith/templates-custom/etc/rspamd/local.d/multimap.conf/90tld with following content:

#
# configure tld list
#

{
if ($rspamd{SpamCheckStatus} eq 'enabled') {

$OUT .= << 'EOF'
FROM_BLACKLIST_TLD {
    type = "from";
    map = [
    "${CONFDIR}/blacklist_from_tld.map",
    ];
    action = "reject";
    filter = "top";
    symbol = "FROM_BLACKLIST_TLD";
    regexp = true;
    description = "Refused list of FROM TLD";
}
EOF
}
}

Create /etc/rspamd/blacklist_from_tld.map with tlds to block like:

[.]com$
[.]at$
[.]de$

Apply changes:

signal-event nethserver-mail-filter-update

Please test and give feedback…

5 Likes