rejecting 'fancy' TLDs, allowing a specified one ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

rejecting 'fancy' TLDs, allowing a specified one ?

lists-3
I have a check to reject 'fancy TLDs' as below

smtpd_sender_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 check_sender_access pcre:/etc/postfix/sender_pcre,
 check_sender_access pcre:/etc/postfix/reject_domains

cat /etc/postfix/reject_domains
/\.bid$/ REJECT We reject all .bid domains
/\.biz$/ REJECT We reject all .biz domains
...

that works well, but, now have a user who gets a valid inbound rejected

Dec 16 15:06:14 postfix/smtpd[8695]: NOQUEUE: reject: RCPT from
mail-sy4aus01on2077.outbound.protection.outlook.com[40.107.107.77]: 554
5.7.1 <[hidden email]>: Sender address rejected: We reject all .biz
domains; from=<[hidden email]> to=<recipient@tld> proto=ESMTP
helo=<AUS01-SY4-obe.outbound.protection.outlook.com>

is there an easy way, and how, to exempt a specified domain like
'abcd.biz' from my sender restriction ?

thanks, V


Reply | Threaded
Open this post in threaded view
|

Re: rejecting 'fancy' TLDs, allowing a specified one ?

Dominic Raferd
On 16/12/2020 11:07, [hidden email] wrote:

> I have a check to reject 'fancy TLDs' as below
>
> smtpd_sender_restrictions =
>   permit_mynetworks,
>   permit_sasl_authenticated,
>   check_sender_access pcre:/etc/postfix/sender_pcre,
>   check_sender_access pcre:/etc/postfix/reject_domains
>
> cat /etc/postfix/reject_domains
> /\.bid$/ REJECT We reject all .bid domains
> /\.biz$/ REJECT We reject all .biz domains
> ...
>
> that works well, but, now have a user who gets a valid inbound rejected
>
> Dec 16 15:06:14 postfix/smtpd[8695]: NOQUEUE: reject: RCPT from
> mail-sy4aus01on2077.outbound.protection.outlook.com[40.107.107.77]: 554
> 5.7.1 <[hidden email]>: Sender address rejected: We reject all .biz
> domains; from=<[hidden email]> to=<recipient@tld> proto=ESMTP
> helo=<AUS01-SY4-obe.outbound.protection.outlook.com>
>
> is there an easy way, and how, to exempt a specified domain like
> 'abcd.biz' from my sender restriction ?

/etc/postfix/reject_domains:

/@abcd\.biz$/ DUNNO
/\.bid$/ REJECT We reject all .bid domains
/\.biz$/ REJECT We reject all .biz domains
Reply | Threaded
Open this post in threaded view
|

Re: rejecting 'fancy' TLDs, allowing a specified one ?

@lbutlr
On 16 Dec 2020, at 04:14, Dominic Raferd <[hidden email]> wrote:
> /etc/postfix/reject_domains:
>
> /@abcd\.biz$/ DUNNO
> /\.bid$/ REJECT We reject all .bid domains
> /\.biz$/ REJECT We reject all .biz domains

I do this:

/.*automators\.fm$/ DUNNO
/.*counter\.social/ DUNNO
/.*ometria.email/ DUNNO
/.*\.(com|net|org|edu|gov|ca|mx|de|dk|fi|fr|uk|us|tv|info|eu|es|il|it|nl|name|jp|host|au|nz|ch|tv)$/ DUNNO
/.*\.*$/ 550 Mail to or from this TLD is not allowed

Fourth line passes all the "good" TLDs that I accept mail from, based on my server's mail. The first three accept specific domains. The last tells everyone else to go away, and why.

This means I do not need to keep track of the new TLDs that are being created every day to firehose more spam, they simply get dropped almost immediately.

--
IT'S POTATO, NOT POTATOE Bart chalkboard Ep. 7F01

Reply | Threaded
Open this post in threaded view
|

Re: rejecting 'fancy' TLDs, allowing a specified one ?

Jaroslaw Rafa
Dnia 18.12.2020 o godz. 06:38:32 @lbutlr pisze:
> /.*\.(com|net|org|edu|gov|ca|mx|de|dk|fi|fr|uk|us|tv|info|eu|es|il|it|nl|name|jp|host|au|nz|ch|tv)$/ DUNNO
> /.*\.*$/ 550 Mail to or from this TLD is not allowed

Should I feel offended that Poland does not exist for you? ;)
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Reply | Threaded
Open this post in threaded view
|

Re: rejecting 'fancy' TLDs, allowing a specified one ?

Viktor Dukhovni
In reply to this post by lists-3
On Wed, Dec 16, 2020 at 10:07:39PM +1100, [hidden email] wrote:

> that works well, but, now have a user who gets a valid inbound rejected
>
> Dec 16 15:06:14 postfix/smtpd[8695]: NOQUEUE: reject: RCPT from
> mail-sy4aus01on2077.outbound.protection.outlook.com[40.107.107.77]: 554
> 5.7.1 <[hidden email]>: Sender address rejected: We reject all .biz
> domains; from=<[hidden email]> to=<recipient@tld> proto=ESMTP
> helo=<AUS01-SY4-obe.outbound.protection.outlook.com>
>
> is there an easy way, and how, to exempt a specified domain like
> 'abcd.biz' from my sender restriction ?

Exceptions via "DUNNO", as noted by others, are of course an option, but
far better to not impose such crude measures, and not block entire TLDs.
The ".biz" TLD is now well established, and not dramatically more prone
to abuse than the others.  Best to rely on a couple of decent RBLs and
a spam-classifying content filter or milter.

--
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: rejecting 'fancy' TLDs, allowing a specified one ?

@lbutlr
In reply to this post by Jaroslaw Rafa
On 18 Dec 2020, at 07:54, Jaroslaw Rafa <[hidden email]> wrote:
> Dnia 18.12.2020 o godz. 06:38:32 @lbutlr pisze:
>> /.*\.(com|net|org|edu|gov|ca|mx|de|dk|fi|fr|uk|us|tv|info|eu|es|il|it|nl|name|jp|host|au|nz|ch|tv)$/ DUNNO
>> /.*\.*$/ 550 Mail to or from this TLD is not allowed
>
> Should I feel offended that Poland does not exist for you? ;)

It has nothing to do with exists or not, it has to do with the mail my server receives.

--
Ninety percent of true love is acute, ear-burning embarrassment.
        --Wyrd Sisters