Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3273
Views
6
Helpful
4
Replies

Best practice to block TLDs on ESA

Greg Hopp
Level 1
Level 1

‎07-11-2018 01:08 PM - edited ‎07-31-2018 12:15 PM

I want to block all domains that end in .bid, .top and others.  I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake.  How best to accomplish?

I put .bid in the RAT with a reject, but I'm seeing .bid emails come thru.  Rather not have to play whack-a-mole.

 

Thank you for any insight.

Labels:
0 Helpful
4 Replies 4

svgeorgi
Cisco Employee
Cisco Employee

‎07-11-2018 01:34 PM - edited ‎07-11-2018 01:36 PM

A message filter like this one would do the trick really easy:
drop_dotbid_dottop: if (mail-from == "(?i)\\.(bid|top)$") OR (header("From") == "(?i)\\.(bid|top)$") { drop(); }

 

Please note that message filters can be configured only through ESA's CLI!

You use the command filters, and sub-command new.

Greg Hopp
Level 1
Level 1
In response to svgeorgi

‎07-11-2018 01:45 PM

Very good.  I've created the message filter.  Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there.  I'll monitor for success, thanks for the fast reply.

 

GrH

0 Helpful

svgeorgi
Cisco Employee
Cisco Employee
In response to Greg Hopp

‎07-11-2018 01:47 PM

You're welcome!
Glad I could help here.
0 Helpful

Greg Hopp
Level 1
Level 1

‎07-31-2018 12:15 PM

 
0 Helpful
Customers Also Viewed These Support Documents