Am 08.09.2016 um 15:44 schrieb Chip M.:
On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote:
i get a diff-output per mail each time the mailserver configs
are changing
That's a completely valid approach, and I am a big fan of
pre-emptive first strike (only as applied to potentially evil
email).
However, the vast majority of those TLDs will never
"go rogue", so I prefer to block on actual abuse
(Jason's approach), or likelihood of abuse, specifically, very
low cost. Jason appears to have much higher volume than I do,
so he'd be a good source of data for me and others.
we require at least SPF or DNSWL for them instead unconditonal reject
and the reject text contains a link to wikipedia what SPF is
the other part of using that file is to "DUNNO" specific tld's in front
of the checks and put a final line into helo-restrictions when no DUNNO
at all matched
/.*\.*/ REJECT Unacceptable HELO (Invalid TLD) see
https://www.ietf.org/rfc/rfc2821.txt and
https://www.ietf.org/rfc/rfc1912.txt
-------- Weitergeleitete Nachricht --------
Betreff: Cron /usr/local/bin/update-spamfilter.sh
Datum: Mon, 29 Aug 2016 16:30:03 +0200 (CEST)
UPDATED: /etc/postfix/blacklist_generic_ptr.cf
1484a1485
> /\.eco$/ DUNNO
2375a2377
> /\.vanguard$/ DUNNO
---------------------------------------------------------------------
UPDATED: /etc/postfix/blacklist_helo.cf
382a383
> /\.eco$/ DUNNO
1273a1275
> /\.vanguard$/ DUNNO
---------------------------------------------------------------------
UPDATED: /etc/postfix/blacklist_tld.cf
271a272
> /\.eco$/ REJECT Spam-TLD (SPF Required: .eco - see
http://en.wikipedia.org/wiki/Sender_Policy_Framework)
904a906
> /\.vanguard$/ REJECT Spam-TLD (SPF Required: .vanguard - see
http://en.wikipedia.org/wiki/Sender_Policy_Framework)
---------------------------------------------------------------------
OK: /usr/bin/systemctl reload postfix.service
