Blocking TLD

[vsupport]

We need to block the a TLD ( .bio)

I have tried the regex examples I found here but even the example fails the test.

TIA

 

[kalachev_89]

Hi. In this situation i use rule like this:
1 In what object create group "Block by TLD"
2 In group create object Match Field with value From=@.+\.bio$

3 Create rule TLD off with action Block and Object Block by TLD

 

[vsupport]

Thanks.. That did it..

 

[bougatoyta]

You can use this one if you want to block multiples TLD : @.+\.(bio|otherTLD|otherTLD)$

 

[vsupport]

Thanks...

This will simplify things a lot

Been reading about the new TLD .zip that google has introduced which the powers that be want blocked..

 

[kentur]

Did this really work?
For me with this, From (should it be From: ?)
@.+\.ru$
it still sends .ru to the regular spam checks, instead of blocking it. (admin@s6.whatever.ru)
Rule is first in list for me, '99'
Block TLD

Priority: 99
Direction: In
Active: Yes

Action: Block
What: Block by TLD.

 

[Stoiko Ivanov]

Did this really work?
For me with this, From (should it be From: ?)
@.+\.ru$
it still sends .ru to the regular spam checks, instead of blocking it. (admin@s6.whatever.ru)
Rule is first in list for me, '99'
Block TLD

Priority: 99
Direction: In
Active: Yes

Action: Block
What: Block by TLD.

Please provide the logs for such a mail - maybe then we can see what the issue is.
Is the Object with the regex a 'What' Object to match the from header or a Who Object to match the envelope sender?

 

[kentur]

It's a WHAT object as per the "how to" above

But I updated yesterday to
.*@.*\.ru
and that seems to match better. (past 24 hours, so could be too early to say)

Maybe the rule engine didn't allow for domain only matches anymore.. ?

 

[kentur]

Confirmed. The new rule blocked it.

Not sure why ti goes through spamassassin and gets a score first, when block is set as first rule. But perhaps it's part of SA process to also block?