Hello,
I created a filter rule that block email if *@ourdomain.tld is found in the from field:
Rule name: blacklist
Action Object: Quarantine
From: blacklist
Who object name: blacklist
Regular expression: .*@.*\.domain\.tld
Regular expression: .*@domain\.tld
This worked great when I tested when I implemented that rule some months ago but today, we received a phishing mail with this from:
	
	
	
		
This mail was accepted by the default accept rule and was not catched by my rule.
When I test the rule's regexp by copy/paste the from field value, it says it doesn't match. This say "The regular expression '^.*@domain\.tld$' did not match the text 'domain.tld'". Wait, why does it ignore the part in the brackets where the email is included? My regexp seem fine. Any idea?
				
			I created a filter rule that block email if *@ourdomain.tld is found in the from field:
Rule name: blacklist
Action Object: Quarantine
From: blacklist
Who object name: blacklist
Regular expression: .*@.*\.domain\.tld
Regular expression: .*@domain\.tld
This worked great when I tested when I implemented that rule some months ago but today, we received a phishing mail with this from:
		Code:
	
	From: "domain.tld" <quarantine@domain.tld>This mail was accepted by the default accept rule and was not catched by my rule.
When I test the rule's regexp by copy/paste the from field value, it says it doesn't match. This say "The regular expression '^.*@domain\.tld$' did not match the text 'domain.tld'". Wait, why does it ignore the part in the brackets where the email is included? My regexp seem fine. Any idea?
 
	 
	 
 
		 
 
		
 
	 
	