On Mon, 12 Feb 2018, Sebastian Nielsen via Exim-users wrote:
I use the following banlist, works pretty well for me, for MAIL FROM stage:
deny
message = Banned TLD
sender_domains =
^(?i).*\\.(bid|store|club|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university)\$
And also for MIME From, for data stage:
deny
message = Banned TLD in MIME From ($h_from:)
condition = ${if match
{$h_from:}{^(?i).*\\.(bid|store|club|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university)>\$}{yes}{no}}
Thanks for sharing, Sebastian! This seems very neat, and simple enough. I
think I will apply your rules in my configuration file :-)
As for me, I use:
* Pyruse (https://yalis.fr/git/yves/pyruse/) to detect bogus connection
attempts, and ban the IP that abuse the service (so far, China, India,
Ukraine...)
* sbl.spamhaus.org to blacklist domains from my exim.conf file
Cheers,
Y.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
