-4

I get spam e-mails from places such as whatever@hungry.lmtaken.top among a LOT of others. I have an appropriate entry in /etc/hosts.deny but it doesn't seem to block anything from the .top domain. See below. Is it wrong? I tried simply ".top" as the entry below but it didn't work either.

sendmail: .*.top

Thanks in advance to anyone who can help.

  • 1
    hosts.deny operates on hostnames and IP addresses, not email addresses. You will need to find a more appropriate way to block spam. – Michael Hampton Dec 12 '16 at 17:56
  • That's exactly what I'm looking to do, though. I want to block anything from .top domain. Does my entry not look right? – FRED BAKER Dec 12 '16 at 18:04
  • 1
    You're using the wrong tool for the job just like @MichaelHampton said. Of course your entry is wrong. It won't ever be right in /etc/hosts.deny. –  Dec 12 '16 at 18:23
  • No, no -- I've got this to work to block all sendmail from select addresses via IP before. I just want to use it to block a specific domain now. Should the line just be "sendmail: .top" ? – FRED BAKER Dec 12 '16 at 18:28
  • 1
    You think it was doing what you wanted, when in reality it was doing something else. Please read `man hosts.deny` before you go any further. – Michael Hampton Dec 12 '16 at 18:29
  • 1
    As was already said, you aren't trying to block IP addresses, you're trying to block an email address. This tool does not work on email addresses. The email address has no bearing on the name / IP of the host making the connection and couldn't be known until after the decision to block has already been made or not. –  Dec 12 '16 at 18:30
  • NO, NO, NO. I'm trying to block ANYTHING from the .top domain from being answered by the sendmail daemon on the whole box. The individual's e-mail address does not matter. – FRED BAKER Dec 12 '16 at 18:35
  • Then why did you list an email address in your question and not a connection log? –  Dec 12 '16 at 18:41
  • It was just an example of the type of mail I wanted to block by doing this. Previously I had enumerated a lot of specific IPs in hosts.deny such as this: "sendmail: 185., 109., 187." and it DID block those IPs from sending mail here. But when I specify a domain like ".top" the mails from .top still get by. That's my problem. – FRED BAKER Dec 12 '16 at 18:45
  • I even tried: ALL : .top to no avail since there's nothing of interest coming into that box from such a domain. Mail still gets through from an assortment of .top addresses. Does this method not apply to EL5? – FRED BAKER Dec 13 '16 at 22:10
  • 1
    You didn't read `man hosts.deny`. – Michael Hampton Dec 17 '16 at 13:19

1 Answer

2

The hosts.deny file is not used for this - it is just not the correct file to achieve what you want. E-mails from .top are probably being sent from mail servers which have a hostname (FQDN) that is not in the .top domain. For example mailserver.spam.ru could be connecting to your mailserver and saying MAIL FROM: whatever@hungry.lmtaken.top. Investigate SpamAssassin and greylisting among other tools and techniques.

bao7uo
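The mismatch the answer describes, as an added example that is not part of the original answer and is not sendmail or tcp_wrappers code. It is a simplified Python model of two hosts_access(5) pattern forms next to a check on the SMTP envelope sender; the hostname and sender address come from the answer, the client IP (a documentation address) and all function names are constructed.

```python
# Simplified model (assumption): only the leading-dot and trailing-dot
# pattern forms from hosts_access(5) are implemented.

def wrapper_pattern_matches(pattern, client_host, client_ip):
    """hosts.deny-style match; it only ever sees the CONNECTING client."""
    if pattern.startswith("."):      # ".top" matches a hostname suffix
        return client_host.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # "192.0.2." matches leading IP fields
        return client_ip.startswith(pattern)
    return pattern.lower() == client_host.lower() or pattern == client_ip


def envelope_sender_domain(mail_from_line):
    """Domain part of an SMTP 'MAIL FROM:<user@domain>' command ('' if none)."""
    _, _, path = mail_from_line.partition(":")
    parts = path.split()
    address = parts[0].strip("<>") if parts else ""
    return address.rpartition("@")[2].lower()


def sender_in_domain(mail_from_line, suffix):
    """True when the envelope sender's domain is the suffix or falls under it."""
    domain = envelope_sender_domain(mail_from_line)
    return domain == suffix.lstrip(".") or domain.endswith(suffix)


# Constructed session: the relay's own name is outside .top, while the
# sender address it claims is inside .top.
SESSION = {
    "client_host": "mailserver.spam.ru",
    "client_ip": "192.0.2.10",
    "mail_from": "MAIL FROM:<whatever@hungry.lmtaken.top>",
}


def evaluate(session, deny_pattern, sender_suffix):
    """Compare what a wrapper rule decides with what the envelope shows."""
    return {
        "wrapper_denies": wrapper_pattern_matches(
            deny_pattern, session["client_host"], session["client_ip"]),
        "sender_matches": sender_in_domain(session["mail_from"], sender_suffix),
    }


if __name__ == "__main__":
    print(evaluate(SESSION, ".top", ".top"))       # hostname rule misses
    print(evaluate(SESSION, "192.0.2.", ".top"))   # IP-prefix rule hits
```

The IP-prefix rule matches because it tests the connecting address, which is why entries like "185." appeared to work while ".top" did not.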