On 28.03.2016 at 05:24, Bill Cole wrote:
> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>> Has anyone actually gotten a single legit message from that domain?
>
> IMHO we're close to the point where it will make sense to make email default-deny and to build standard protocols for senders to be returned to the traditional trust model on a domainwise basis for each receiving system or domain. The authentication methods already exist, there just isn't enough adoption (for some good reasons) and we don't have usable authorization models

what we do is:

* reject every non-existent tld
* download http://data.iana.org/TLD/tlds-alpha-by-domain.txt daily
* if new domains arrived allow them as sender/helo in theory
* BUT blacklist_tld.cf comes after the spf-policyd
* old gTLD and ccTLD are excluded here
* some special friends like .top and *.xyz* are in an own sender-access and even in an unconditional helo-reject

-------- Forwarded Message --------
Subject: Cron <root@mail-gw> update-spamfilter.sh
Date: Sat, 26 Mar 2016 02:40:03 +0100 (CET)
From: (Cron Daemon)

UPDATED: /etc/postfix/blacklist_generic_ptr.cf
1145a1146
> /.*\.ally$/ DUNNO
1189a1191
> /.*\.barefoot$/ DUNNO
---------------------------------------------------------------------
UPDATED: /etc/postfix/blacklist_helo.cf
44a45
> /.*\.ally$/ DUNNO
88a90
> /.*\.barefoot$/ DUNNO
---------------------------------------------------------------------
UPDATED: /etc/postfix/blacklist_tld.cf
22a23
> /.*\.ally$/ REJECT Spam-TLD (SPF Required: .ally - see http://en.wikipedia.org/wiki/Sender_Policy_Framework)
51a53
> /.*\.barefoot$/ REJECT Spam-TLD (SPF Required: .barefoot - see http://en.wikipedia.org/wiki/Sender_Policy_Framework)
---------------------------------------------------------------------
OK: /usr/bin/systemctl reload postfix.service
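
A sketch of the table generation described in the message above, as an added example; it is not the poster's update-spamfilter.sh. The function names, the short legacy-TLD list and the sample input are assumptions, and the reject text is shortened from the one shown in the cron mail.

```shell
#!/bin/sh
# Added example: build Postfix regexp-table entries from an IANA-style TLD list.
# Assumption: LEGACY_TLDS stands in for the "old gTLD and ccTLD" exclusion list.
LEGACY_TLDS="com net org de at uk"

# Constructed sample in the format of tlds-alpha-by-domain.txt
# (one upper-case TLD per line, comment header first).
sample_tld_list() {
    cat <<'EOF'
# constructed sample list
ALLY
BAREFOOT
COM
DE
TOP
XN--P1AI
EOF
}

# gen_tld_table ACTION < tld-list
# Prints one "/.*\.tld$/ ACTION" entry per TLD that is not in LEGACY_TLDS.
gen_tld_table() {
    action=$1
    tr -d '\r' | tr 'A-Z' 'a-z' | while IFS= read -r tld; do
        case $tld in ''|'#'*) continue ;; esac          # blank or header line
        case $tld in *[!a-z0-9-]*) continue ;; esac     # keep regexp input to label chars
        case " $LEGACY_TLDS " in *" $tld "*) continue ;; esac
        if [ "$action" = REJECT ]; then
            # Table meant to be consulted after the SPF policy check.
            printf '/.*\\.%s$/ REJECT Spam-TLD (SPF Required: .%s)\n' "$tld" "$tld"
        else
            printf '/.*\\.%s$/ %s\n' "$tld" "$action"
        fi
    done
}

# new_entries OLD NEW: entries present in NEW but not in OLD (the cron-mail delta).
new_entries() {
    grep -Fxv -f "$1" "$2" || true
}

# Demo: the REJECT table for the constructed sample.
sample_tld_list | gen_tld_table REJECT
```

Running the generator once with `DUNNO` and once with `REJECT` gives the pair of tables seen in the cron output; `new_entries` against the previous day's file yields the lines a report like that would list.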