On Mon, 12 Feb 2018, Sebastian Nielsen via Exim-users wrote:
> I use the following banlist, works pretty well for me, for MAIL FROM stage:
>
> deny
> message = Banned TLD
> sender_domains = ^(?i).*\\.(bid|store|club|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university)\$
>
> And also for MIME From, for data stage:
>
> deny
> message = Banned TLD in MIME From ($h_from:)
> condition = ${if match {$h_from:}{^(?i).*\\.(bid|store|club|top|xyz|pro|date|faith|stream|host|loan|download|click|link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|online|racing|review|site|trade|vividal|website|works|work|cricket|help|camera|computer|space|uno|tech|news|space|guru|berlin|photography|global|today|solutions|media|world|university)>\$}{yes}{no}}

Thanks for sharing, Sebastian! This seems very neat, and simple enough. I
think I will apply your rules in my configuration file :-)

As for me, I use:

* Pyruse (https://yalis.fr/git/yves/pyruse/) to detect bogus connection
  attempts, and ban the IPs that abuse the service (so far, China, India,
  Ukraine...)
* sbl.spamhaus.org to blacklist domains from my exim.conf file

Cheers,
Y.
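
Added example, not part of the original thread: a small Python harness for checking offline which sender domains and From: header forms the two quoted rules cover before deploying them. The function names, the sample addresses and the `from_denied_parsed` variant are assumptions made for illustration. Python's `re` stands in for Exim's PCRE, with the inline `(?i)` replaced by a flag.

```python
import re
from email.utils import parseaddr

# TLD alternation copied from the quoted rules (the duplicate entry is kept).
TLDS = (
    "bid|store|club|top|xyz|pro|date|faith|stream|host|loan|download|click|"
    "link|science|design|gdn|men|win|party|webcam|rocks|email|life|ninja|"
    "online|racing|review|site|trade|vividal|website|works|work|cricket|help|"
    "camera|computer|space|uno|tech|news|space|guru|berlin|photography|"
    "global|today|solutions|media|world|university"
)

# After Exim's string expansion, "\\." becomes "\." and "\$" becomes "$".
# Python rejects an inline (?i) placed after "^", so re.I is passed instead.
SENDER_RE = re.compile(r"^.*\.(" + TLDS + r")$", re.I)
FROM_RE = re.compile(r"^.*\.(" + TLDS + r")>$", re.I)


def sender_denied(domain):
    """MAIL FROM stage: does the sender_domains pattern match this domain?"""
    return SENDER_RE.search(domain) is not None


def from_denied(header):
    """DATA stage: does the quoted condition match this From: value?"""
    return FROM_RE.search(header.strip()) is not None


def from_denied_parsed(header):
    """Variant (assumption, not from the thread): extract the address first,
    so the verdict does not depend on a trailing '>'."""
    address = parseaddr(header)[1]
    return sender_denied(address.rpartition("@")[2])


# Constructed sample values, not taken from real mail.
SAMPLES = [
    "Shop <promo@deals.example.click>",
    "promo@deals.example.click",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r}: quoted rule={from_denied(value)}, "
              f"parsed variant={from_denied_parsed(value)}")
```
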