Am 28.03.2016 um 21:02 schrieb Vincent Fox:
On 03/27/2016 06:58 PM, Thomas Cameron wrote:Has anyone actually gotten a single legit message from that domain?Never. WTF was ICANN thinking? I occasionally go through the lists of abused gTLD here: http://www.surbl.org/tld/ It certainly saves a lot of hygiene processing time to just dump this garbage at the outset. Now that I think about it, a default block for "fresh" gTLD would be nice
nothing easier than that with postfix, just start with DUNNO fo waht you want to accept and add "check_sender_access pcre:/etc/postfix/blacklist_tld.cf" to your restrictions
we splitted here even in two regex-files, one before and one after the sff-policyd while the one after the spf test clearly states in the reject text that SPF is required to use it
that can be re-used for PTR and HELO tests tooyou need to list the "old" TLD's with DUNNO rules before the reject, stripped that here because the list is long, see http://data.iana.org/TLD/tlds-alpha-by-domain.txt and there was also some list which has a column stating if it is a country-domain and so on
[admin@mail-gw:~]$ cat /etc/postfix/blacklist_tld.cf/.*\.(com|net|at|ch|org|de|uk|us|info|biz|eu|edu|gov|wien|asia|bio|global|life|name|pro|city|country|international|science|travel|agency|immobilien)$/ DUNNO
/.*\.*/ REJECT Prohibited Domain (Invalid TLD)
signature.asc
Description: OpenPGP digital signature
