Blocking TLD

Hi. In this situation i use rule like this:
1 In what object create group "Block by TLD"
2 In group create object Match Field with value From=@.+\.bio$
1684969131390.png
3 Create rule TLD off with action Block and Object Block by TLD
 
  • Like
Reactions: Stoiko Ivanov and vsupport
Did this really work?
For me with this, From (should it be From: ?)
@.+\.ru$
it still sends .ru to the regular spam checks, instead of blocking it. (admin@s6.whatever.ru)
Rule is first in list for me, '99'
Block TLD

Priority: 99
Direction: In
Active: Yes

Action: Block
What: Block by TLD.
 
kentur said:
Did this really work?
For me with this, From (should it be From: ?)
@.+\.ru$
it still sends .ru to the regular spam checks, instead of blocking it. (admin@s6.whatever.ru)
Rule is first in list for me, '99'
Block TLD

Priority: 99
Direction: In
Active: Yes

Action: Block
What: Block by TLD.
Click to expand...
Please provide the logs for such a mail - maybe then we can see what the issue is.
Is the Object with the regex a 'What' Object to match the from header or a Who Object to match the envelope sender?
 
It's a WHAT object as per the "how to" above :)

But I updated yesterday to
.*@.*\.ru
and that seems to match better. (past 24 hours, so could be too early to say)

Maybe the rule engine didn't allow for domain only matches anymore.. ?
 
Confirmed. The new rule blocked it.

Not sure why ti goes through spamassassin and gets a score first, when block is set as first rule. But perhaps it's part of SA process to also block?
 
You must log in or register to reply here.
Top Bottom