07-11-2018 01:08 PM - edited 07-31-2018 12:15 PM
I want to block all domains that end in .bid, .top and others. I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake. How best to accomplish?
I put .bid in the RAT with a reject, but I'm seeing .bid emails come thru. Rather not have to play whack-a-mole.
Thank you for any insight.
07-11-2018 01:34 PM - edited 07-11-2018 01:36 PM
A message filter like this one would do the trick really easily:
drop_dotbid_dottop:
if (mail-from == "(?i)\\.(bid|top)$") OR (header("From") == "(?i)\\.(bid|top)$") {
    drop();
}
Please note that message filters can be configured only through ESA's CLI!
You use the command filters, and sub-command new.
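An added example, not part of the posts in this thread: an offline check of the filter's regex against constructed sender strings, alongside a TLD comparison that parses the address first. It assumes Python's `re` as a stand-in for the appliance's regex engine and that a From header value may carry a display name and angle brackets; `BLOCKED_TLDS`, `sender_tld` and `should_drop` are hypothetical names.

```python
import re
from email.utils import parseaddr

# The filter's pattern as the regex engine sees it (the CLI's "\\." is one escaped dot).
FILTER_RE = re.compile(r"(?i)\.(bid|top)$")

# Hypothetical TLD set; extend it instead of growing the regex alternation.
BLOCKED_TLDS = {"bid", "top"}


def filter_regex_hits(value):
    """True if the thread's regex matches the raw string (search semantics assumed)."""
    return FILTER_RE.search(value) is not None


def sender_tld(value):
    """Lower-cased TLD of the address inside an envelope sender or From header value."""
    _, addr = parseaddr(value)
    domain = addr.rpartition("@")[2].rstrip(".")
    return domain.rpartition(".")[2].lower() if "." in domain else ""


def should_drop(mail_from, header_from):
    """Drop when either the envelope sender or the From header uses a blocked TLD."""
    return (sender_tld(mail_from) in BLOCKED_TLDS
            or sender_tld(header_from) in BLOCKED_TLDS)


# Constructed samples: (envelope sender, From header value).
SAMPLES = [
    ("promo@deals.bid", '"Deals" <promo@deals.bid>'),
    ("bounce@mail.example.com", "Offers <win@prizes.TOP>"),
    ("news@bid.example.org", "News <news@bid.example.org>"),
]

if __name__ == "__main__":
    for mail_from, header_from in SAMPLES:
        print(
            f"{mail_from!r:28} regex(mail-from)={filter_regex_hits(mail_from)!s:5} "
            f"regex(From)={filter_regex_hits(header_from)!s:5} "
            f"parsed-drop={should_drop(mail_from, header_from)}"
        )
```

In the second sample only the From header carries the blocked TLD, and the `$`-anchored pattern does not match it because the value ends in `>`; testing the filter against real header values from the mail logs shows whether the appliance behaves the same way.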
07-11-2018 01:45 PM
Very good. I've created the message filter. Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there. I'll monitor for success, thanks for the fast reply.
GrH
07-11-2018 01:47 PM
07-31-2018 12:15 PM