Well, it was worth a try. :-/
About 12 hours after I put that RE in place, I got another one from a different domain in '.icu'. It was held for moderation, not automatically discarded.
I have: 8 email addresses in accept_these_nonmembers 0 email addresses in hold_these_nonmembers 0 email addresses in reject_these_nonmembers ^@.*\.icu$ in discard_these_nonmembers 'Hold' for generic_nonmember_action 'Yes' for forward_auto_discards but it seemed to make no difference; the UCE was still held for moderation.
I'm going to try putting "from: .*@.*\.icu" in header_filter_rules and see if that makes any difference.
Any other ideas?
-Chip-
On 5/30/2019 7:03 PM, Robert Heller wrote:
At Thu, 30 May 2019 11:57:44 -0400 Chip Davis chip@aresti.com wrote:
I've supported a dozen Mailman listservers for over a dozen years. This doesn't represent much real effort most of the time. I've had to block specific users often and specific domains rarely, but this is the first time I've had to block an entire TLD.
Recently I've been gifted with an inordinate amount of UCE from many different domains under the '.icu' TLD.
Since Python RE's are _almost_ the same as the UNIX RE's I used many years ago, if I put
^@.*\.icu$
in discard_these_nonmembers, will it block all domains in that TLD?
Yes.
And not block anyone else?
Yes.
I've done this, and then I took things a step further:
What *I* have done (because I can), is configure rejection of both domains AND cidrs at the Postfix level, putting REJECT's in both /etc/postfix/access and /etc/postfix/cidr.clients. (I use *REJECT* for a reason: I figure if these idiots are going to make trouble for me, I'll make trouble for them -- eg now they will will get reject messages. Also when the addresses are from legit mail servers, the admins there will get a wake up call and presumably do something -- I have discovered that there is really little point in sending anything to the [so-called] 'abuse' addresses.)
I've also configured mimedefang and spamassassin to *reject* spam at the Postfix as well. Very little gets though now.
Thanks,
-Chip Davis-
Mailman 2.1.27 > shared host linux 2.6.32-696.18.7.el6.x86_64 cPanel 80.0.10
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com