Dear MagicSpam.
The ability to block entire countries' domain names in their incoming emails has proved very popular with our customers.
However, we badly need to be able to do the same thing with non-country-specific domain name types. There are several types in particular which seem only ever to be used by spammers and other bad actors. For some time the ".xyz" domain suffix has been a major problem. .cyou has also cropped up recently.
I realise that having a complete list of these as a drop-down in MagicSpam would be problematic, because there are now so many of them, and because new ones are being added at regular intervals.
I have tried to use the wildcard method in "Exceptions", but I don't think this works when the matching conditions are this broad?
Please help!
Blocking of entire gTLDs
Re: Blocking of entire gTLDs
Hello rgfincher,
Thank you for your post.
The option to blacklist entire top level domains can be used in MagicSpam interface:
Anti-Spam >> Exemptions >> Sender From Black List
where you can use '*' Wildcard to specify the top level domain you want to block:
e.g.
*@*.tld
Another thing you could look into is to review a few samples of the 'uncaught' sources (via the MagicSpam Log Viewer) and see if the IP address is on a particular block list at http://www.linuxmagic.com/bms - based on what you are describing we suspect that you will likely find the majority of these messages are coming from a specific IP address or subnet that is likely already listed as a spam source that may be on a list that you do not at this time have enabled.
Also if you are still having an issue with uncaught spam on your system, could you please send us your MagicSpam logs for analysis at:
support@magicspam.com
To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.
In the log search result output, you have the option to export/save the log search results to a CSV file. Once you have the CSV file, you can email that as an attachment to us for examination using your email client.
Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.
Also, can you please send us screenshots of the following two tabs in your MagicSpam control panel:
Settings / Server Policies
and
Settings / IP Reputation
With the requested information, we will be able to provide better suggestions for addressing the uncaught spam issue.
Thank you.
Thank you for your post.
The option to blacklist entire top level domains can be used in MagicSpam interface:
Anti-Spam >> Exemptions >> Sender From Black List
where you can use '*' Wildcard to specify the top level domain you want to block:
e.g.
*@*.tld
Another thing you could look into is to review a few samples of the 'uncaught' sources (via the MagicSpam Log Viewer) and see if the IP address is on a particular block list at http://www.linuxmagic.com/bms - based on what you are describing we suspect that you will likely find the majority of these messages are coming from a specific IP address or subnet that is likely already listed as a spam source that may be on a list that you do not at this time have enabled.
Also if you are still having an issue with uncaught spam on your system, could you please send us your MagicSpam logs for analysis at:
support@magicspam.com
To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.
In the log search result output, you have the option to export/save the log search results to a CSV file. Once you have the CSV file, you can email that as an attachment to us for examination using your email client.
Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.
Also, can you please send us screenshots of the following two tabs in your MagicSpam control panel:
Settings / Server Policies
and
Settings / IP Reputation
With the requested information, we will be able to provide better suggestions for addressing the uncaught spam issue.
Thank you.
-- MagicSpam Support Team --
Re: Blocking of entire gTLDs
Sorry, that doesn't work ( *@*.xyz )
I think only one wildcard sign is allowed.
The headers are fairly simple :
Return-Path: <MAILER-DAEMON>
X-Original-To: cbernd@REDACTED.co.uk
Delivered-To: cbern@ REDACTED.co.uk
Received: from societegenerale.com (unknown [13.95.93.92])
by mail5.101cloud.co.uk (Postfix) with ESMTP id 0B3813B95D
for <cbern@REDACTED.co.uk >; Tue, 16 Mar 2021 17:12:46 +0000 (GMT)
Date: Tue, 16 Mar 2021 11:48:07 -0500
Message-ID: <15936348118767.jS0LTMkh1MzzTGBTGe6cMygzf-q@641722328232deutschweb.xyz>
From: Royal Mail <Contact-214@deutschweb.xyz>
To: cbern@REDACTED.co.uk
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Gm-Message-State: sY+tZ/iaTFvTnTnjTJkMJnXTqDHGJTsuRTmtvicKEwQcFCCAK+O2zi7R2
Subject: =?utf-8?Q?Tell_us_about_your_Shipping_experience_and_we_will_offer_you_an_exclusive_offer_worth_=C2=A390_or_more_=F0=9F=8E=81?=
I think only one wildcard sign is allowed.
The headers are fairly simple :
Return-Path: <MAILER-DAEMON>
X-Original-To: cbernd@REDACTED.co.uk
Delivered-To: cbern@ REDACTED.co.uk
Received: from societegenerale.com (unknown [13.95.93.92])
by mail5.101cloud.co.uk (Postfix) with ESMTP id 0B3813B95D
for <cbern@REDACTED.co.uk >; Tue, 16 Mar 2021 17:12:46 +0000 (GMT)
Date: Tue, 16 Mar 2021 11:48:07 -0500
Message-ID: <15936348118767.jS0LTMkh1MzzTGBTGe6cMygzf-q@641722328232deutschweb.xyz>
From: Royal Mail <Contact-214@deutschweb.xyz>
To: cbern@REDACTED.co.uk
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Gm-Message-State: sY+tZ/iaTFvTnTnjTJkMJnXTqDHGJTsuRTmtvicKEwQcFCCAK+O2zi7R2
Subject: =?utf-8?Q?Tell_us_about_your_Shipping_experience_and_we_will_offer_you_an_exclusive_offer_worth_=C2=A390_or_more_=F0=9F=8E=81?=
Re: Blocking of entire gTLDs
Hello rgfincher,
Thank you for providing us with the headers.
From our understanding, you were able to blacklist these domains. Is that correct?
If you need any further help to deal with these uncaught spam, please send us your MagicSpam logs for analysis at:
support@magicspam.com
The instructions to retrieve the MagicSpam logs can be found on our previous message.
Please let us know if you have any further questions.
Thank you for providing us with the headers.
From our understanding, you were able to blacklist these domains. Is that correct?
If you need any further help to deal with these uncaught spam, please send us your MagicSpam logs for analysis at:
support@magicspam.com
The instructions to retrieve the MagicSpam logs can be found on our previous message.
Please let us know if you have any further questions.
-- MagicSpam Support Team --
Re: Blocking of entire gTLDs
Sorry, I am not able to block these domain names.
It accepted the string *@*.xyz as a rule, but it doesn't actually block the emails in question.
It accepted the string *@*.xyz as a rule, but it doesn't actually block the emails in question.
Re: Blocking of entire gTLDs
Hello rgfincher,
Thank you for your post.
In order to avoid exposing sensitive information here, it would be very helpful if you could send us the MagicSpam logs for examination at:
support@magicspam.com
To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.
In the log search result output, you have the option to export/save the
log search results to a CSV file. Please Email the CSV file as an
attachment to us.
Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.
Also, can you please send us screenshots of the following two tabs in
your MagicSpam control panel:
* Anti-Spam / Spam Policies
* Anti-Spam / IP Reputation
Lastly, could you provide us with the following:
1. Operating system version and architecture
2. MagicSpam version
3. Were there any recent updates or upgrades in your server?
4. Was this a fresh MagicSpam installation?
5. What is the version of your web panel?
Please let us know if you have any further questions.
Thank you for your post.
In order to avoid exposing sensitive information here, it would be very helpful if you could send us the MagicSpam logs for examination at:
support@magicspam.com
To retrieve MagicSpam logs, you can use the MagicSpam interface and access the "Logs" tab.
In the log search result output, you have the option to export/save the
log search results to a CSV file. Please Email the CSV file as an
attachment to us.
Please make sure that you remove entries where mua=yes and highlight only HAM entries that are spam.
Also, can you please send us screenshots of the following two tabs in
your MagicSpam control panel:
* Anti-Spam / Spam Policies
* Anti-Spam / IP Reputation
Lastly, could you provide us with the following:
1. Operating system version and architecture
2. MagicSpam version
3. Were there any recent updates or upgrades in your server?
4. Was this a fresh MagicSpam installation?
5. What is the version of your web panel?
Please let us know if you have any further questions.
-- MagicSpam Support Team --
Who is online
Users browsing this forum: No registered users and 17 guests