• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

How to Block all email from a top level domain

bradz

Regular Pleskian
Do we have a way to block all emails from a top level domain name in the Server wide Black List?
For example, I am seeing many return emails from random .tk fake domains.
I would like to block any thing from .tk
I tried entering *.tk as a domain to Black List, but it does not take it.

Thanks for any help.
Brad
 
I'm afraid that it is impossible to block top level domain with black list. But you can block mail from this top level domain - Spam Filter Settings -> Black List -> Add -> *@*.tk
Also I suggest you greylisting. You can use it with something like:

#/usr/local/psa/admin/sbin/glmng --add --black-list --address="*.tk"
 
Thanks so much! Very good point, I did not think of doing it in the spam filter.
I have not been using GrayListing, but looks like time to try it!
 
hello i have it try to plesk 18.0.23 but its not function... the command : #/usr/local/psa/admin/sbin/glmng --add --black-list --address="*.tk"
i have it try this too /usr/local/psa/admin/sbin/glmng --add --black-list --address=example.com"*.xyz" and with i server ip: but the mail come again.
can i list in the console black-list?
thx for support
 
It can't be done using Plesk's implementations, but at the server level you can do it.
I'm using postfix and dovecot and implemented it easily as follows:

# modify postfix settings a bit:
vi /etc/postfix/main.cf
# change: smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
# to:
Code:
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, check_sender_access hash:/var/spool/postfix/plesk/custom-added-blacklist, permit_sasl_authenticated

# create a new blacklist
vi /var/spool/postfix/plesk/custom-added-blacklist
# fill with your lists of TLDs as follows:
Code:
adult     REJECT 'BLOCKED: The ADULT top level domain (TLD) is currently sending too much spam.'
xxx     REJECT 'BLOCKED: The XXX top level domain (TLD) is currently sending too much spam.'
click     REJECT 'BLOCKED: The CLICK top level domain (TLD) is currently sending too much spam.'

# run these commands and you're good to go.
postmap /var/spool/postfix/plesk/custom-added-blacklist
service postfix restart

No reason Plesk couldn't easily implement this along side the blacklist they already do in the GUI but maybe they can't do it on all systems.
Seems like the only reason it can't be done in Plesk is because the form simply won't let you submit a TLD by itself without a dot.
My changes don't get overwritten by any Plesk or postfix updates so far and I implemented it back in Plesk 12, through Onyx, and now it still works in Obsidian.
 
hello piper. i have the configuration. what do you write. but after 1 hour is the spam again coming. i think plesk change the configuration. have you a idea for me?
thx hamsi
You'll want to make sure the paths are correct for your system of course.
 
i copie the line here

/etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, check_sender_access hash:/var/spool/postfix/plesk/custom-added-blacklist, permit_sasl_authenticated

/var/spool/postfix/plesk/custom-added-blacklist
/\.xyz$/ REJECT
/\.kz$/ REJECT
/\.co$/ REJECT
/\.icu$/ REJECT

postmap hash:/var/spool/postfix/plesk/custom-added-blacklist

service postfix restart

after 1 houch come the next ltd mails. here is the log

/var/log/maillog
Feb 9 20:10:26 panel postfix/smtpd[7608]: warning: 93.248.xxx.xx.sbl.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=93.248.178.51.sbl.spamhaus.org type=A: Host not found, try again
Feb 9 20:10:26 panel postfix/smtpd[7608]: warning: 93.248.xxx.xx.zen.spamhaus.org: RBL lookup error: Host or domain name not found. Name service error for name=93.248.178.51.zen.spamhaus.org type=A: Host not found, try again
Feb 9 20:10:26 panel postfix/smtpd[7608]: 1987419E1B1F: client=ip93.ip-XX-XXX-XXX.eu[XX.-XX.XXX.XX]
Feb 9 20:10:26 panel postfix/cleanup[7613]: 1987419E1B1F: message-id=<[email protected]>
Feb 9 20:10:26 panel check-quota[7616]: Starting the check-quota filter...
Feb 9 20:10:26 panel psa-pc-remote[28642]: handlers_stderr: SKIP
Feb 9 20:10:26 panel psa-pc-remote[28642]: SKIP during call 'check-quota' handler
Feb 9 20:10:26 panel spf[7617]: Starting the spf filter...
Feb 9 20:10:26 panel spf[7617]: Error code: (2) Could not find a valid SPF record
Feb 9 20:10:26 panel spf[7617]: Failed to query MAIL-FROM: No DNS data for 'haircounter.xyz'.
Feb 9 20:10:26 panel spf[7617]: SPF result: none
Feb 9 20:10:26 panel spf[7617]: SPF status: PASS
Feb 9 20:10:26 panel psa-pc-remote[28642]: handlers_stderr: PASS
Feb 9 20:10:26 panel psa-pc-remote[28642]: PASS during call 'spf' handler
Feb 9 20:10:26 panel postfix/qmgr[3026]: 1987419E1B1F: from=<[email protected]>, size=4802, nrcpt=1 (queue active)
Feb 9 20:10:26 panel postfix-local[7619]: postfix-local: from=[email protected], to=[email protected], dirname=/var/qmail/mailnames
 
/\.xyz$/ REJECT
/\.kz$/ REJECT
/\.co$/ REJECT
/\.icu$/ REJECT

Not sure what the slashes and "$" is doing here... this should not be. View my example and see. Only the XYZ by itself with no dots, slashes, or regex:
Code:
xyz      REJECT
kz       REJECT
co       REJECT
icu      REJECT
 
Last edited:
I just wanted to update that you can block or blacklist a top level domain in Plesk using the following format:
@.icu
@.xyz
...

This was provided by Plesk support, ans has been verified /tested
 
I just wanted to update that you can block or blacklist a top level domain in Plesk using the following format:
@.icu
@.xyz
...
This was provided by Plesk support, ans has been verified /tested
Are you talking about the Server-Wide Mail Settings blacklist or the Spam Filter Settings blacklist?
 
Are you talking about the Server-Wide Mail Settings blacklist or the Spam Filter Settings blacklist?

To my knowledge, this works on all blacklist/whitelist locations - server-wide, as well as the domain level
 
Last edited:
So I have been able to blacklist and block all top level domains using *@*.TLD format works perfectly except those monkeys keep drawing new TLD's from the list.
I have a list of all of them I created in this format, but PLESK restricts the # of black listed items. So I'm just guessing as to what one will pop up next..... What I want to to is either inject the list manually to work around the # of items blacklisted restriction or create an "all but .TLD" so I could block all but .com, .net, .edu etc. you get the idea..This would forever head off any new spam TLD's that get added in the future.. any ideas from the brain trust?
 
I tried something like hamsi had:

Code:
/\.xyz$/ REJECT
/\.kz$/ REJECT
/\.co$/ REJECT
/\.icu$/ REJECT

But with this in the main.cf:
Code:
pcre:/etc/postfix/reject_domains
(note the prcre)

It works for domains I add like the following but not for the TLDs added like above.
Code:
/spammersandhackers\.xyz/

I'd like to try G J Piper's solution, but I'm worried that this code will do partial matches - I don't see anything that restricts it to matching tld only - am I missing something?

Not sure what the slashes and "$" is doing here... this should not be. View my example and see. Only the XYZ by itself with no dots, slashes, or regex:
Code:
xyz      REJECT
kz       REJECT
co       REJECT
icu      REJECT
 
I tried something like hamsi had:

Code:
/\.xyz$/ REJECT
/\.kz$/ REJECT
/\.co$/ REJECT
/\.icu$/ REJECT

But with this in the main.cf:
Code:
pcre:/etc/postfix/reject_domains
(note the prcre)

It works for domains I add like the following but not for the TLDs added like above.
Code:
/spammersandhackers\.xyz/

I'd like to try G J Piper's solution, but I'm worried that this code will do partial matches - I don't see anything that restricts it to matching tld only - am I missing something?

I've been researching why mine works (it doesn't do partial matches on mine) and I think it has something to do with the difference between using unhashed "pcre" instead of postmap "hash" lists. I found one person commenting that you shouldn't use regex with hash lists but with pcre it is ok.
 
Back
Top