[Rspamd-Users] Rejecting TLDs

Achim Lammerts ml-rspamd at syntaxys.de
Wed May 3 12:27:12 UTC 2023


Hey,
since I do not expect any e-mails from such top level domains, I also 
handle this restrictively. But instead of a REJECT I give a positive score.
If a sender has secured his address with SPF and DKIM and this can be 
validated, this score is reduced again and the e-mail can be delivered.

But spammers usually don't do this.

# multimap.conf:
SUSPICIOUS_SENDERS_TLD {
     type = "from";
     filter = "email:domain:tld";
     map = "$LOCAL_CONFDIR/local.d/suspicious_tld.map";
     regexp = true;
     description = "Suspicious senders TLD map";
     symbol = "SUSPICIOUS_SENDERS_TLD";
     score = 2.0;
}

# suspicious_tld.map:
/.*\.art/
/.*\.best/
/.*\.city/
/.*\.click/
/.*\.club/
/.*\.email/
/.*\.expert/
/.*\.global/
/.*\.host/
/.*\.icu/
/.*\.institute/
/.*\.jobs/
/.*\.kz/
/.*\.life/
/.*\.live/
/.*\.ltd/
/.*\.monster/
/.*\.network/
/.*\.pro/
/.*\.online/
/.*\.review/
/.*\.ru/
/.*\.solutions/
/.*\.space/
/.*\.site/
/.*\.xyz/
/.*\.today/
/.*\.top/
/.*\.biz\.ua/

# report symbol:
SUSPICIOUS_SENDERS_TLD (2) [ljacmbpjo.ru]

This works for me, guess just remove the $ …

Regards
Achim

On 03.05.23 at 13:57, Katharina Knuth via Users wrote:
> Hello, how can I reject different top level domains?
> 
> I try that
> 
> #multimap.conf
> 
> DENY_SENDER_TLD {
>        type = "from";
>        filter = "email:domain";
>        map = "${LOCAL_CONFDIR}/local.d/denytld.map";
>        action = "reject";
>        regexp = true;
>        description = "Blacklist map for SUSPICIOUS_TLD";
>        message = "Suspicious TLD rejected";
> }
> 
> #denytld.map
> ..
> /.*\.jp$/
> /.*\.za$/
> /.*\.su$/
> /.*\.net$/
> 
> But unfortunately that doesn’t work.
> It would be nice if someone could help me.
> Thank you.
> 
> Rspamd daemon version 1.8.1 - Debian 10.13
> 
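
Added example (not part of the original thread and not Rspamd's own code): a small Python check of how map entries written without a trailing $ behave against sender domains. It assumes regexp map entries are applied as unanchored searches (modelled here with re.search) and approximates the email:domain:tld filter by keeping the last two labels; the sample addresses and the helper names parse_map, sender_domain and hits are constructed for illustration.

```python
import re

# Constructed sample: a few entries in the same /regex/ form as suspicious_tld.map.
MAP_LINES = ["/.*\\.art/", "/.*\\.host/", "/.*\\.pro/", "/.*\\.review/", "/.*\\.ru/"]

# Constructed sender addresses; none of them come from the thread.
SENDERS = [
    "a@ljacmbpjo.ru",          # TLD that the map is meant to score
    "b@studio.productions",    # different TLD that merely starts with "pro"
    "c@cheap.hosting",         # different TLD that merely starts with "host"
    "d@mail.pro.example.com",  # ".pro" appears only as a subdomain label
    "e@example.org",           # unrelated domain
]

def parse_map(lines):
    """Strip the /.../ delimiters; skip blank lines and # comments."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if len(line) >= 2 and line.startswith("/") and line.endswith("/"):
            line = line[1:-1]
        out.append(line)
    return out

def sender_domain(addr, esld=False):
    """Domain part of an address; esld=True keeps only the last two labels (simplified)."""
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:]) if esld else domain

def hits(patterns, senders, anchored=False, esld=False):
    """Map each matching address to the first pattern that matched it."""
    result = {}
    for addr in senders:
        value = sender_domain(addr, esld)
        for pat in patterns:
            if anchored and not pat.endswith("$"):
                pat += "$"  # pin the TLD to the end of the domain
            if re.search(pat, value):  # assumption: unanchored search semantics
                result[addr] = pat
                break
    return result

if __name__ == "__main__":
    pats = parse_map(MAP_LINES)
    print("full domain, no $:", sorted(hits(pats, SENDERS)))
    print("last two labels, no $:", sorted(hits(pats, SENDERS, esld=True)))
    print("full domain, with $:", sorted(hits(pats, SENDERS, anchored=True)))
```

Under these assumptions, reducing the domain to its last two labels removes the subdomain match but not the matches on longer TLDs; only the $-anchored form limits hits to the listed TLD.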