On 2/8/2023 12:37 PM, Rob McGee wrote:
On 2/8/2023 3:14 AM, Viktor Dukhovni wrote:
On Wed, Feb 08, 2023 at 10:00:14AM +0200, mailm...@ionos.gr wrote:
/\.top$/ REJECT
/\.xyz$/ REJECT
/\.cam$/ REJECT
/\.fun$/ REJECT
/\.buzz$/ REJECT
/\.club$/ REJECT
/\.link$/ REJECT
/\.hinet\.net$/ REJECT
Why everyone feels they need regular expressions for this is a mystery.
/etc/postfix/sender-access:
top REJECT I employ crude anti-spam measures
.top REJECT I employ crude anti-spam measuressnip
Very good post as always, but there was a typo. Here's a regexp (!) to
fix it:
s/crude/crude and ineffective/g
HTH :)
Those of you doing this should refer back to Viktor's previous post.
This is a bad idea: it won't really do much against spam and could
easily block non-spam. Again, none of these TLDs employ any tests to
ensure that registrants are spammers.
Something I have noticed recently: many times the envelope and header
sender addresses differ. It's an easy way for large-scale hosting
operations to manage their own DKIM keys. I saw this with Amazon
Workmail hosting.
Google Workspace hosting always uses the single account name as the
envelope sender, so when multiple domains are configured in the same
company account, each user always has the same envelope sender,
regardless of the header sender.
Here's a rule of thumb: if you think you can do much about spam based
on sender addresses, whether envelope or header: you're wrong.
I would prefer to quarantine rather than reject, if I can figure out how
to do that. I would at least be able to look through them periodically
and see if something is legit.
I suddenly started getting these (.store,.shop, etc) a could days ago.
They are all coming from this block of addresses: 107.182.131.0.
