bloc domains with all variants of tld

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

bloc domains with all variants of tld

wodel youchi
Hi,

We need to bloc some incoming emails from certain domains.
How to write rules to bloc a domain with all its variant of tld?
if we want to bloc the example domain we write the rules like this

example.com   REJECT
example.fr       REJECT
example.de     REJECT
etc...

How to write one rule to express all tlds? something like

exemple.*      REJECT

Regards.

Garanti sans virus. www.avast.com
Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Ralph Seichter
On 06.11.2017 10:26, wodel youchi wrote:

> We need to bloc some incoming emails from certain domains.
> How to write rules to bloc a domain with all its variant of tld?

Access tables can support regexp or pcre, if your Postfix has been
compiled that way. The postconf -m command will show you which map
types are supported.

-Ralph
Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

wodel youchi
Hi,

both are supported pcre and regexp.

Regards.

Garanti sans virus. www.avast.com

2017-11-06 11:07 GMT+01:00 Ralph Seichter <[hidden email]>:
On 06.11.2017 10:26, wodel youchi wrote:

> We need to bloc some incoming emails from certain domains.
> How to write rules to bloc a domain with all its variant of tld?

Access tables can support regexp or pcre, if your Postfix has been
compiled that way. The postconf -m command will show you which map
types are supported.

-Ralph

Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Dominic Raferd


On 6 November 2017 at 10:43, wodel youchi <[hidden email]> wrote:
Hi,

both are supported pcre and regexp.



2017-11-06 11:07 GMT+01:00 Ralph Seichter <[hidden email]>:
On 06.11.2017 10:26, wodel youchi wrote:

> We need to bloc some incoming emails from certain domains.
> How to write rules to bloc a domain with all its variant of tld?

Access tables can support regexp or pcre, if your Postfix has been
compiled that way. The postconf -m command will show you which map
types are supported.

​So say use pcre and study http://www.postfix.org/pcre_table.5.html. Example (untested):

/@example\..*​$/ REJECT
Reply | Threaded
Open this post in threaded view
|

RE: bloc domains with all variants of tld

Michael Munger
In reply to this post by wodel youchi

This is interesting, and I am curious to know the answer as well. We have an application where denying all tlds and then allowing in certain ones would be very useful. (Default reject, allow only whitelisted).

 

Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
[hidden email]

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of wodel youchi
Sent: Monday, November 6, 2017 4:26 AM
To: [hidden email]
Subject: bloc domains with all variants of tld

 

Hi,

 

We need to bloc some incoming emails from certain domains.

How to write rules to bloc a domain with all its variant of tld?

if we want to bloc the example domain we write the rules like this

 

example.com   REJECT

example.fr       REJECT

example.de     REJECT

etc...

 

How to write one rule to express all tlds? something like

 

exemple.*      REJECT

 

Regards.

 

Garanti sans virus. www.avast.com

 

Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Viktor Dukhovni
In reply to this post by Dominic Raferd


> On Nov 6, 2017, at 6:15 AM, Dominic Raferd <[hidden email]> wrote:
>
> > We need to bloc some incoming emails from certain domains.
> > How to write rules to bloc a domain with all its variant of tld?
>
> ​So say use pcre and study http://www.postfix.org/pcre_table.5.html. Example (untested):
>
> /@example\..*​$/ REJECT

This will block "example" at more than just the 2LD level.  For just
2LD blocking:

    main.cf:
        smtpd_sender_restrictions =
            check_sender_access pcre:${config_directory}/sender-access.pcre

    sender-access.pcre:
        /@example\.[^.]+$/ REJECT email from example.* not wanted here

Mind you, I would not recommend such rules to anyone.  Just block the
domains specifically observed to send unwanted email.  If you really
want to block all tlds, there are only 1510 live at present and 31
in "test mode" with no delegations.  It is easy to machine generate
a complete list of patterns for a regular indexed table.

You can download the list of TLDS from a number of places, or even
the complete root zone file.

--
        Viktor.

$ openssl base64 -d <<'EOF' | gunzip -c > live-tlds.txt
H4sIAEN5AFoAA2WZ7bKzLM+G/7Mv98xqV9dHNwcVlVbFAra1W/8eJ9p1PTPvjCTh
G0ISErTWGmvjbGxlY+5BlVLIWejuHagmDSJCZ5sAXpreVt5YKmrbuHEF127KS3Si
wjJlO+X/IRM0Hevs72qRQzS24dMIDZXNMtCcKteRIk1dnlhYy2dHP6x1GGc7MU87
kKKvqaRpZ6+9ncBuqqlkSb5TYgAfqyUJtSHWTkR29L02NAcPrY1hdDQcfMXehWfL
GMPQ+slOL1Ep2+xEqDxZDUNZGI3V57SMyT3n6FL6y2/rVfYJaEvLstwxZRcb5Sc7
rNnX9NE0LCGwoBn2j66wap6VxPEb32KjG5SBZ9GO4mOse7Yaxfc4M3TMSjShc2oo
SF4ghdqzAQqpz/3gMqUZ5k+OngsfBxLgx9L4Asopg5liSXNIdFtyr8NaciiAse7e
TtrPg48su3ySYyMvHT+chJ0rwDcLcCqMEJ7Yx7xUg6+VbQSugKhUuyFMtlCDXWsb
mzedRLg2hCyis35SSXIVpyLi6vJOLj2LBq8uTgYprpDbqqJbdWfkuiNRzsAs0ln4
DFwyK3WONcD5wSkTB08zx94FqkVl0K2pGKHng9PeVPrErsozor+KmLoCAlDpZaqL
qQZbXzeI1DYIGPTEGVZDqK9IaNbkQ+gEwsj0ohaGG/lY4/gwFeuZ2OE0IyMIK6X0
D2ULwfWROTVIaNkmslkFMTeoSbgWUFYGB9U+1b1g9teCOP1KrA1L9jdNGzgsBouo
ddIyWXTn1I66GGzz0BZiuGrGGHJf8JKSGxidj7GWxs6Ff0uHtMGoxQ/NBl2kyZL8
JI0pvF1e8OluKrZJDvrVG6SrthWpdQAOF3D303VwHE2NBtVSNjUaZ8BUu4gKOqmF
skGNZpfDoxA+2+GNtQ2kS8neraoj5gdYiiUIGyplBWRfCpNmS64Ar1lSAX4KoKzk
dA4i+iARr1GEmpOrK40NZ2rKGlM79oWsaVCMTy1ZrVs+WrdUMwIDY9OwVUI71sy9
5umdZcu9x6p6cPQpjwgE1JoGDdovhQtU+jmiqSJQJPp7nWcNFxqN6bMvoBZcCyhK
gbTWVA/WI330YwRtiy2pwk/qICRhqQcEYKsOC4sflqqA0ZHhlNgaMwarBQXkCdi2
jn4Be9YVHDqdCFJLgp9ZeCyWQcQylbXttr/gWJrPS+FgGJNjPQh80OBTynE3acpw
p5TFBZhV54JjuXvUdtOKHf9xOoQCYDGtZLXLBRY19zKXYYXUf4lJG2IR0TU+76hY
ro1k7erAnYCJAhdp1NRx8TrOgsgmNrDweWnFMDDl3dQPUz8NN1q9jpHKNQBepuHm
jcCGhNADMeiNriiAtgNKy2RkZhrkuqHCIfwCsEtIhR0SDhq4i9kZhFoMwedcijWm
G0MdkbcGUS0DTBlJAydfQMckPeXejjCfQT17bHxXdK3x0dV5R0FTSPTg40bctRSP
/jSeqotprqYZTTPNBt+iCVyLAHkITcD0ANlX6FlUGIv1b7BXDdwcghiR76ZZuGyA
SGizUDwL0U5HRdMlIk+mueMvNHdGfRlXPB3E3SA9Dhl1jbta4KKECuvk4BHOiGPO
Aegio7sJ87yCOo6KXbwJsb7oNBqnM3Xl6nRz0jC3xc+61406IA2plEYUUy3TjVS8
DJeWWE4VTjoWssRwRybUmGvN3YtrAIpFO9xTMgt7cD8c1z8oJNTu7Y24J7KeZrks
Ld4RgG0A4sPrvKDgwO6qtLCHpNI4FiAD2GLiNHsrrWzh0BPomkr3WYvB5SoqWN5a
C4mnAZBYobIQKh0YDmdqKFB727AvJdEVsN0tUGODlEIgGQJiaus1Zi63RXsxLTPL
EEWhrocfYGWC7KDwo6xce2JmVhBKagqYXH6EeBW9uQw4hqqJ2hnqXmYPcVHPZWo2
KWi5D1umkMq0umQmz2m0kd4Rb1hMi0hZE0LcKF0XbSYtF48yFvyERwyDZpKYcuH0
i6/cLrnC4rSrN53lG5QGaaVwKHCZQaMrIAGVjSik6So+vIyu4SNLE8cgEjUB8a9z
Iaq8NR2Zjj10vemYzLe5AAbEChRY2rOAgftBEJZ3Q6i0JhBrGfkkRd2IG9SNKnka
DEEXsEgNSw7c8gJz8FpDGJiWAyARLkjqRHHLRBFdAbC8Q1+7oPZ300HeTEeDaDev
BmLu5SpDYIKMbBdTRj/TM4a68CoGMYlKRln44A83H0TNPdgtXhtaME3IRrdgT7uH
QY17tAEwYlM7U3zHnm32TVsXUNSM63ZAUTZU3ITeDbMA1vrqIUpR1NH0Hbao93PP
hnqf0C2df8+88tZ7TyUDXrPpR9NPpsf/w+HEW2jYahJR/MOeqKTBguRCiWWpUDt0
E5dHj9G1gm59yHzjopfStDk7vcyPgM60LyMR+5QRsvw0UDnJPiyl28P0cCLhL/e0
Zc1L16v1ivsGlDJ44/FIfU0bjx57riwcX6JD75Aqj7r5K56XYVQPPdoRc+DHpgIg
KgKVHzxn5/U1OL7RM4efMAnyRSBoxnrhK4m1Z+54UbtZLJRQVuKyFoxTUVNbchwx
CHHe4yi8cD97eqNb/mY4bR9lXRAjzPSgO8onMYLZk2gi1WphKOhMeOQ5T7SD+8E/
anOxEiwQ0cSlrkizuTg+J5xfGchhII8XJr4M9OBkLiMfDaaLuVAacAQBkrgL53IJ
tKZ2HtFTJPYyI6KXhVMXmhDyaK52aWHbtSFGI8zA8Y7rfo6FxoVi5VKRkp1j0IUg
3l7b3lw7cwXSlYjwytHg7jQaFYTyXXFZeo3uHzShFjK4QXCULwFOcvGvM9/IWDNV
ZDGcV7wcc13CdVO/68NcV75AoHh9GfwYYh7rn8JNCRgS1FixUUy7F824ioVsiYGG
ci8UhJgLNwXE4i9APXUJYJZkIMFZSe43KIZKRQ+lVa0rA/sHFAf/FQnnqDGqlLg2
2itIlhZIZ/dE74eOsAUpGLz1up1RROo90YfAPxFULuVV8+v6kbQOCv0GrxeCwaPx
8ATMwJ59DBoKdgsyrZ+TWt2Vv2+dn+jLQFXg8AVYi8xCFNLCAnZ64IYY5OKqiXw0
QWYIGmgelP5dqwNd6Uev3CjB0YVvairHvc1lgvoNy9MJLMjqcDcsfbR8NbH2aBsC
PpBvBcSM0V4d5ztakRO+RHFmIGHfaKOc2w1pRxulcWL0ekOCSL1eUqCSkw2HyFJf
vHwz1nyIYsIQjkzrjEIHEpIwOo3sBkLTOKmi1KIo2iZrUFqMXnCKczYmdczl1BDU
sTcjzimzeVzvJD7i65AmFWkDvqS0VPI1zHg1I9VIzqi1jnwsgUkYHstVAOdeEGvl
ygMorypaY4OwLKMssmAR6TEQrgDjKDaGmDt5YiMhOBZ3lKIIxHqtZZtH7j+SdwVi
i+gK229mhKBa+2PJmaFwL0a2jvHGWRmXvIgj9GbUpxlZwMtMlq8iyW/j1MKqAli4
GcyH7kRIBBt0X83EaUy1gdGTE8pK5QoE42U9zdt9mnBHtbjJPZS4toquQibAMxew
hwBTyzcYBEPSMnH/wX5CSGjpDQDOEGBemNynZKcNsRw60SjIak1wrn84sXTaN6si
9YSPJMw0wcPEkrSbSBmCh2xMKzt5GR0fdtdFGRICUCXdYYr87MOaMNiVmTe0GTPu
5MKVICeM49VFTEO4E9hLYHUkX7KrIkFxM+DqYHoZiCATUQmx+OfYO1OMO4Ezstsp
ggnJEm4EhK+gbMK9N7PlowOhrkXvaA6FxnijV58kiCMcN2KDKxB24e0pT64mcMQx
mjm+ueXzL7Y8d2Zm+B6/Hh2H8LJEYO0HiBwWWFytdaNVvRJ8mNkzPKPpfgHkjZbz
qnxjZE9maf4sEzcjWgqMZv96sR0KBj4FIbOe8vLmU8/DMpbXMghGGQ2XyozwzYGQ
ci5PS3OIlMmNmcnE/W1V1BN+lAiHWAtx5rpTagrYYn9VhVagU0PZW+ixtHtfjTu5
ishuezKY8QxJJdZFxsQipl8qM8NUHIB5NTdrbnoGuC0OeyrECm/32nDk2lC0ejvl
zBqDqxKdFSau2CI8kYprC15BNRd8MrpHSVscBAFzYnkIiK5HhaPTc0GBk1AGDL7c
R7GUTLkAxfbRzXJqQSiIeT+3WrVKuQCrq0wkhuaxI/V76i3PwOQN4EFzH0IF5bnr
9KwFuyM2NGqLfjZRJhT244XLRQBdGSk0TkWdJDUGdEc43Wm+8HUV+17wNiPBEJoa
H4y5Ltd1Mcny2ViMSdLLnwBsQldkpUp4lvSCBxxTeWsSscB2DEdz99c3rgPHrV2S
D4SmiZiJFADEbckm0l2DPSliFOxDwi9LNR8T4dslOODaVo8mkKNvsjAWgstMuqMM
tzJo0arq/mHjC4x/Wyt/Cf2kuxNLrxHw9LDenGLSm0NytRzZghQrJ+dY+uaPJj0x
GNkqLBTzlEToD3yQnkr0ICJNbLvnk8nyCAtUnAVp1ysmYKVXsuCgURSVCBRlTfL5
BbJ0KPURL3k0CT54vBFCGyvQ6VpK+DQmXUyiHDeSxGLw9EhYmsQ8QxmR7qP+Q6RR
92Si0VS3JsHhUNfaUyj+iW7icq2IeCigSoGII4m3gsumwUl2FsA8uMjbOwbBjetw
HJJiozRLuyqXi9uR6Kuj1fz6LNczcC4b0GUl0EtipIjb/KLKg4eogFynXCttNwDa
WF85cVVjybHLwoLMq8Lyl0SI5RWXEGc5LVKBtMzzICNTiLUgqSNeZCvQKWZNy2sR
O+8mPSw+OIhwfHscg8S+JQ6bdmsjlyKtEmhMTsKKOtyB9DIZ45AtJsSDOLZsidYD
KMpisylb3ItUyCiYg6qfSvSpDS5ibuioHTF4X8CkR9nVyEVT0Fheh0W0upMspBw5
dZq4q0GEQ7k1uTPYj9wzIsGyvJ+C4RjGlBblFZTmaEijbNvqRTdLmbIegQTRqHzh
G+2TNV5ITHPdclSxxlHPNnhAXFk5KFjOgYgDGDB+GQnXWakU4cehyUHRcNYNbcrf
gByIT1SOq4sTlfWXo0AJUdabw07ctfuC3k/DW05W7Y/6FxjkiE8EvBsu87wQjRCM
kiZtbEkIOD5KvpN5mPwyizVLEcIFs7PUgQnQ/aUzC0Vyj0ahu6aA+Que0AJvFnjF
fblQ8jJw/W63l8oENSk7lZcPw3WEdbvjsVCz/ZQVgQ+hZ9syqgy2DOcdQbmDPJ+9
qJmX+b57lZUH8juhjcZB6+/Y/LuPXSGx1vvrZPFVN8iVjNW9ey3O3xlnsFbRJvbr
zhca3J17GK6IfKeyMKgRF7BAmU3OyB1fFX27L3xuwBV56AYVLAYGLPF6sN0CurCA
o+KTTZMKVAfkTxfTjt8H+XCVfiGBSl1VDNyDO5hU5ODhfBUEqW4NDm4imYfeLh4w
BTBw/464UQzmVUhsxiX6kEMIKE7aA7v6CFppug7LQ1PpJUeOYvGiBZLgwMQYY/VH
Ix+o0lP/4LYnw2d5HFnNk2me03//HQ7Vqf5sNrq+Ht2h2ujb7XH8tIU+pjpeznWh
Pz9i/Fk3skr542Pc6CadTp/dRruP6ufjx22Z/n/6htvh9z78ztPn9zby5/xcfq+F
PB3rY3Peik9fVfyq1+Ev8x7h9HU7HHayq3DXCvl1qn7abD/qrebr6/Y4Hbs3/fza
dveVls/T5fz5XXVpr8yv8Wsjv9v4+t37fN9u59/v6vO5zf/7YZtnD2v3TDge7Ju+
ubqJ/7LJ9U31l3lsw/2uH/bje2fl+cN+2vpNujfht9HPTXU77g1d/jouG3mN8Hkr
rk6P74+v1sVtT1V9PVRn+9VEd9pGrQ/2vs1bH6v4s5McbPW5razuThUiV0hMUf3h
7Ed17I723NXboPUrfp9P1ZtOH/lNLsetRXOw9WUfD3poC+UOdl+Eq6/3JtfnrbVr
7+vvb7/RKd9/dp63dT4dz9vpt33ltkW1/nY8/tZffXpnv/e1QKbfv9LXeScvt5/j
zp12LsK2i3P7qo/12R3rPbem3+b7vNy7TWq64/N5+t0qu/oaP9uPbR+d+yey3fXT
5sN2Tj0Mdd0nztNf9t1sp/fR+mf+PZy2Vv5QfVcH+22Pe36MX4fPTfd8+LA/264v
B7zDNzVuvLp8Pw7nXacuw+37sJwfPxsrLvd4+D1v+7jW8fnz0xyep40J1zk+DjsL
oNevnze9/By+2zedP7eZB85yW/bQVRWbtc3vpeTHDtF6VO07g+R+ukv+n+ypPeyK
rPxP/VFV08e/Ajv+2P3cla2OVfOX8Wf76m7z999Udu1/uvmvc3VuqzlUf9n+YP+X
/tnPhGz9YRmr7v7y9qd5NeGddXE+oSAn/JW9pFt+j3+D+ZOr3XN+Z+fh2P6tOD+P
fwt4nurmw+5Z//w9H3a+oIDLaZf7idm/7Kt5Z9zZ7eyYCGI24nb/af9R6eMD72fL
r7f1uLMzfNaP07aOwKLa33azRTOH1b6p7fzmKp9/frb5565KH83Wb05p3Q3I7XxZ
q32Jt6fdxCb2t/v5e+NaDPfl93fbXLzXB1Y9fm7rTed/Uk7s8PV12rrk74/qa19t
rq+PrXX2t9P5eVu3U12mZT5tdwU+wqhHhUoPdi7+V+fq/5fjP/w3P/aK/rbcN2q5
/X7vt9LjFH+/3PDb9stXo7eZvTCdPjYGPTqko36Tw77AZ3/7Ou5DPK/10Q6f/ep2
IVBBM3zaL+c+NtatZ2T7tpFtDCf//bOJ04q8HO04Pkvu1cZDsU3E/Z6xcCqf68us
ttZ/xNUS0AFxNglMV3ktT7M6s4YGp1oPhGvoLOAaehoZ/ZAnFVdvzeZl+fDyE4h9
vvRP9IW7RCLsfI3mpdj+tbgSYL8e5v8AvhpDQnYnAAA=
EOF
Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Dominic Raferd


On 6 November 2017 at 15:08, Viktor Dukhovni <[hidden email]> wrote:


> On Nov 6, 2017, at 6:15 AM, Dominic Raferd <[hidden email]> wrote:
>
> ​So say use pcre and study http://www.postfix.org/pcre_table.5.html. Example (untested):
>
> /@example\..*​$/ REJECT

This will block "example" at more than just the 2LD level.

​True, but to block say '[hidden email]' you need to block at more than 2LD level.​
Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

@lbutlr
In reply to this post by Viktor Dukhovni
On 6 Nov 2017, at 08:08, Viktor Dukhovni <[hidden email]> wrote:
> Mind you, I would not recommend such rules to anyone.  Just block the
> domains specifically observed to send unwanted email.  If you really
> want to block all tlds, there are only 1510 live at present and 31
> in "test mode" with no delegations.  It is easy to machine generate
> a complete list of patterns for a regular indexed table.

I find it is *extremely* effective to simply whitelist the TLDs I receive legitimate mail from:

# cat /etc/postfix/helo_checks.pcre
[…]
/.*infusionmail.com$/ 550 Infusionmail is not wanted or welcome
/.*\yahoo\.com/ 550 Yahoo.com is not allowed here, use gmail or someone who hasn't leaked 3 billion passwords
(com|net|org|edu|gov|ca|mx|de|dk|fi|uk|us|tv|info|biz|eu|es|il|it|nl|name|jp|host)$/ DUNNO
/.*webinar.com/ 550 Die in a Fire spammer scum
/.*xpoof\.us/ 550 Die is a Fire spammer scum
/.*\.*/ 550 Mail for this TLD is not allowed

(those are the TLDs that my server gets mail from, not recommending anyone else use that list).

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Viktor Dukhovni


> On Nov 6, 2017, at 12:45 PM, @lbutlr <[hidden email]> wrote:
>
>
> # cat /etc/postfix/helo_checks.pcre
> […]
> /.*infusionmail.com$/ 550 Infusionmail is not wanted or welcome
> /.*\yahoo\.com/ 550 Yahoo.com is not allowed here, use gmail or someone who hasn't leaked 3 billion passwords
> /\.(com|net|org|edu|gov|ca|mx|de|dk|fi|uk|us|tv|info|biz|eu|es|il|it|nl|name|jp|host)$/ DUNNO
> /.*webinar.com/ 550 Die in a Fire spammer scum
> /.*xpoof\.us/ 550 Die is a Fire spammer scum
> /.*\.*/ 550 Mail for this TLD is not allowed
>
> (those are the TLDs that my server gets mail from, not recommending anyone else use that list).

And thus we balkanize the Internet.  I would discourage anyone
from deploying such filters, IMHO they do more harm than good.

There are many legitimate domains under ".xyz", ".ovh", ...
and much junk email from ".biz" and ".info". Use decent RBLs
and content-based filters, avoid crude tools that impose
indiscriminate restrictions.

The above is a bad idea, that may be tolerable for their
creator, but such things do harm at a global level.
Don't do it.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: bloc domains with all variants of tld

Dirk Stöcker
On Mon, 6 Nov 2017, Viktor Dukhovni wrote:

>> /.*infusionmail.com$/ 550 Infusionmail is not wanted or welcome
>> /.*\yahoo\.com/ 550 Yahoo.com is not allowed here, use gmail or someone who hasn't leaked 3 billion passwords
>> /\.(com|net|org|edu|gov|ca|mx|de|dk|fi|uk|us|tv|info|biz|eu|es|il|it|nl|name|jp|host)$/ DUNNO
>> /.*webinar.com/ 550 Die in a Fire spammer scum
>> /.*xpoof\.us/ 550 Die is a Fire spammer scum
>> /.*\.*/ 550 Mail for this TLD is not allowed
>>
>> (those are the TLDs that my server gets mail from, not recommending anyone else use that list).
>
> And thus we balkanize the Internet.  I would discourage anyone
> from deploying such filters, IMHO they do more harm than good.
>
> There are many legitimate domains under ".xyz", ".ovh", ...
> and much junk email from ".biz" and ".info". Use decent RBLs
> and content-based filters, avoid crude tools that impose
> indiscriminate restrictions.
>
> The above is a bad idea, that may be tolerable for their
> creator, but such things do harm at a global level.
> Don't do it.

I operate a bug tracker with free account registration. From time to time
users with such "intelligent" filters try to register. Usually I simply
remove the accounts to get rid of the bounces. It is not worth
investigating when someone does not want to be contacted. :-)

Ciao
--
http://www.dstoecker.eu/ (PGP key available)