When the internet first started there were only six Top-Level Domains (TLDs or gTLDs): .com, .edu, .org, .net, .gov, and .mil. Outside of these, each country had its own TLD, called a Country Code Top-Level Domain (ccTLD), such as .uk for the United Kingdom. However, in 2012 ICANN and IANA ended the restrictions on TLDs, which essentially meant that anyone could register a TLD. We saw an explosion of weird and wonderful TLDs pop up, and at the last count there were in excess of 1500 TLDs available, ranging from .accountant to .xyz.
With so many TLDs available, you will find many domain registrars offering crazy introductory offers for the first year of registration; we have seen TLDs like .top for $0.88/y. From these domains we have seen a significant amount of unsolicited spam email, also referred to as junk email, and they are being used almost exclusively for malicious activity. The spammers sign up for these cheap TLDs and continually send out spam to legitimate email addresses. In September 2019, it was estimated that spam messages accounted for 54.68% of all email traffic.
In this guide we are going to show you how to block specific TLDs with Exim and SpamAssassin using a global blacklist of domains and how users can block domains using SpamAssassin in the DirectAdmin dashboard. We will assume that you have already installed SpamAssassin, Exim and SpamBlocker on your DirectAdmin server.
The Spamhaus Project maintains a list of the current most prolific spam TLDs. They score the TLDs on the ratio of good to bad domains, indicating where the registry needs to do a better job at enforcing policies and reducing abusers and the amount of suspected spam messages received. The Spamhaus Project TLD list is updated on a regular basis and can be found here. For this guide we will use this list to help you get started in reducing the amount of spam received. If you want to view all TLDs currently available so you can curate a more extensive list, the IANA TLD list can be found here.
How to Blacklist TLDs, Domains or Email Address Globally
In order to block blacklisted domains throughout our server we will be using the SpamBlocker blacklist domains feature built into DirectAdmin. You can also use the SpamBlocker feature to block bad sender hosts or IPs, blacklist senders and whitelist domains, hosts or senders.
The files are located in the /etc/virtual/ folder. The full list of file locations is:
/etc/virtual/bad_sender_hosts
/etc/virtual/bad_sender_hosts_ip
/etc/virtual/blacklist_domains
/etc/virtual/blacklist_senders
/etc/virtual/whitelist_domains
/etc/virtual/whitelist_hosts
/etc/virtual/whitelist_hosts_ip
/etc/virtual/whitelist_senders
/etc/virtual/use_rbl_domains
/etc/virtual/skip_av_domains
/etc/virtual/skip_rbl_domains
It is important that these files have the same ownership and permissions as your /etc/virtual/domains file. If you have installed SpamBlocker using custombuild the ownership and permissions will already be set correctly.
These files will only be activated on domains which are enabled in the /etc/virtual/use_rbl_domains file. To make sure you have set up RBL Blocking on your DirectAdmin server, log into your control panel, go to Server Manager > Administrator Settings > Email Settings and select the Use RBL Blocking checkbox.
To block blacklisted domains globally on our server we will be using the /etc/virtual/blacklist_domains file. To edit this file we will use the following command:
nano /etc/virtual/blacklist_domains
When this file first loads it may be empty; don’t panic. Now we need to copy and paste the list of domains we want to add to the blacklist. This list is the current Top 10 most abused TLDs as supplied by Spamhaus; you can add or remove TLDs as you need.
*.live
*.gg
*.tk
*.ga
*.buzz
*.cf
*.fit
*.ml
*.loan
*.date
You will notice the * in front of the TLD. This means SpamBlocker will treat the entry as a wildcard domain. For example, if an email from an address in the .live TLD, such as email@domain.live, was received, it would be blocked with the error message 554 denied. 5.7.1 Domain Blocked due to SPAM.
If you wanted to block a specific domain from the .live TLD, you could use domain.live instead of the wildcard *.live.
Now we need to restart the Exim server using the following command:
service exim restart
That’s it. You have successfully set up Exim, SpamBlocker and SpamAssassin to block blacklisted domains.
How to Blacklist TLDs, Domains or Email Address using SpamAssassin
Individually Blacklist
To block blacklisted domains in SpamAssassin you will need to log into your DirectAdmin dashboard. Once the dashboard has loaded, select the SpamAssassin Setup icon.
Once the SpamAssassin panel has loaded you will see different configurable options such as spam location, spam score threshold, etc. You can adjust these options to your requirements. If SpamAssassin is not currently enabled just select the Enable SpamAssassin button and the SpamAssassin panel will load.
The area we will be focusing on for this guide is the E-mail Blacklist section. Here you can use the wildcard TLD, wildcard domain or specific email address you wish to blacklist. Any email addresses in this section will be blocked and automatically tagged as spam.
In the image below you can see we have entered three different options under the Blocked E-mail section. The *@*.live example means that any email or domain using the .live TLD will be blocked. The *@domain.live example means that any email coming from domain.live will be blocked. The email@domain.live example means that any email originating from email@domain.live will be blocked.
Once you have entered the blacklisted TLDs, domains or email address don’t forget to select the Save button. This will automatically update your user preferences within SpamAssassin.
Bulk Blacklist
When using the SpamAssassin panel you will need to enter each TLD, domain or email address that you want to block individually. However, if you want to add a large number of TLDs, domains or email addresses, you can edit the user preferences file within SpamAssassin directly. To edit the file, click the Manually edit the config file yourself link in the top right of the SpamAssassin panel.
This will load the user preferences file and enable you to edit it directly. In the image below you can see we have added the blacklist entries for *@*.live, *@domain.live and email@domain.live. When you paste the TLDs, domains or email addresses into the user preferences file you need to ensure that they are prefixed with blacklist_from, for example blacklist_from *@*.live, otherwise SpamAssassin won’t be able to block the list. Once completed, just click the Save button and then press Back to return to the SpamAssassin panel.
Once you return to the SpamAssassin panel you will see the E-mail Blacklist section has been updated with the details you entered into the user preferences file.
That’s it. You have now successfully set up SpamAssassin to block TLDs, domains or email addresses from reaching your mailbox.
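Added example, not part of the original guide: a shell helper that turns one TLD list into both formats described above, the *.tld lines for /etc/virtual/blacklist_domains and the blacklist_from *@*.tld lines for the SpamAssassin user preferences file. The function names and the one-entry-per-line input file are assumptions of this sketch; it validates each entry and only appends lines that are not already present.

```shell
#!/bin/sh
# Added example: one TLD list -> SpamBlocker and SpamAssassin formats.
# Function names and the input-file layout are assumptions of this sketch.

# Reduce "*.Live", ".live" or "live" to "live"; fail on anything that is
# not a plausible TLD label (letters, digits, inner hyphens only).
normalize_tld() {
    tld=$(printf '%s' "$1" | tr 'A-Z' 'a-z' |
          sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
              -e 's/^[*]//' -e 's/^[.]//')
    case "$tld" in
        ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
    esac
    printf '%s\n' "$tld"
}

# Append "*.tld" lines to a blacklist_domains-style file, skipping entries
# already present so repeated runs do not create duplicates.
# $1 = TLD list file, $2 = target file. Prints the number of lines added.
add_to_blacklist_domains() {
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! tld=$(normalize_tld "$line"); then
            echo "skipping invalid entry: $line" >&2
            continue
        fi
        if ! grep -qxF -- "*.$tld" "$2" 2>/dev/null; then
            printf '*.%s\n' "$tld" >> "$2"
            added=$((added + 1))
        fi
    done < "$1"
    echo "$added"
}

# Print the matching SpamAssassin user preference lines for the same list.
# $1 = TLD list file. Output is sorted and de-duplicated.
to_blacklist_from() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        tld=$(normalize_tld "$line") || continue
        printf 'blacklist_from *@*.%s\n' "$tld"
    done < "$1" | sort -u
}
```

Run add_to_blacklist_domains against a copy of the file first, then restart Exim as described above once the real file is updated; the to_blacklist_from output is what gets pasted into the user preferences file.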