cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
492
Views
5
Helpful
4
Replies
Highlighted
Beginner

Best practice to block TLDs on ESA

I want to block all domains that end in .bid, .top and others.  I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake.  How best to accomplish?

I put .bid in the RAT with a reject, but I'm seeing .bid emails come thru.  Rather not have to play whack-a-mole.

 

Thank you for any insight.

Everyone's tags (3)
4 REPLIES 4
Cisco Employee

Re: Best practice to black TLDs on ESA

A message filter like this one would do the trick really easy:
drop_dotbid_dottop: if (mail-from == "(?i)\\.(bid|top)$") OR (header("From") == "(?i)\\.(bid|top)$") { drop(); }

 

Please note that message filters can be configured only through ESA's CLI!

You use the command filters, and sub-command new.

Beginner

Re: Best practice to black TLDs on ESA

Very good.  I've created the message filter.  Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there.  I'll monitor for success, thanks for the fast reply.

 

GrH

Cisco Employee

Re: Best practice to black TLDs on ESA

You're welcome!
Glad I could help here.
Beginner

Re: Best practice to black TLDs on ESA