Best practice to block TLDs on ESA

Greg Hopp
Level 1

I want to block all domains that end in .bid, .top and others.  I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake.  How best to accomplish?

I put .bid in the RAT with a reject, but I'm seeing .bid emails come thru.  Rather not have to play whack-a-mole.

 

Thank you for any insight.

4 Replies

svgeorgi
Cisco Employee

A message filter like this one would do the trick really easily:
drop_dotbid_dottop:
if (mail-from == "(?i)\\.(bid|top)$") OR (header("From") == "(?i)\\.(bid|top)$") {
    drop();
}

 

Please note that message filters can be configured only through ESA's CLI!

You use the command filters, and sub-command new.
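
An added check, not part of the replies in this thread: the filter's suffix regex rebuilt from a TLD list in Python and run against constructed sender values, including a From header that carries a display name and angle brackets. The function names, the sample addresses and the use of Python's re module in place of the appliance's matcher are assumptions.

```python
import re
from email.utils import parseaddr

# TLDs named in the thread; extend this list instead of editing the regex by hand.
BLOCKED_TLDS = ["bid", "top"]

def build_pattern(tlds):
    """Build the filter's suffix regex, e.g. \\.(bid|top)$, case-insensitive."""
    alternation = "|".join(re.escape(t.lstrip(".")) for t in tlds)
    return re.compile(r"\.(" + alternation + r")$", re.IGNORECASE)

def raw_match(pattern, mail_from, from_header):
    """Mirror the filter condition on the raw strings: mail-from OR From header."""
    return bool(pattern.search(mail_from) or pattern.search(from_header))

def address_match(pattern, mail_from, from_header):
    """Same test after reducing both values to the bare address."""
    envelope = mail_from.strip().strip("<>")
    header_addr = parseaddr(from_header)[1]
    return bool(pattern.search(envelope) or pattern.search(header_addr))

# Constructed sample senders (not taken from real mail).
SAMPLES = [
    ("promo@deals.example.bid", "promo@deals.example.bid"),
    ("bounce@mailer.example.com", '"Deals" <promo@offers.example.TOP>'),
    ("user@topnotch.example.com", "user@bid.example.com"),
]

def evaluate(samples=SAMPLES, tlds=BLOCKED_TLDS):
    """Return (mail_from, from_header, raw_result, address_result) per sample."""
    pattern = build_pattern(tlds)
    return [(m, f, raw_match(pattern, m, f), address_match(pattern, m, f))
            for m, f in samples]

if __name__ == "__main__":
    for mail_from, from_header, raw, addr in evaluate():
        print(f"{mail_from!r:32} {from_header!r:40} raw={raw} address={addr}")
```

Whether the appliance matches header("From") against the raw header text is not stated in this thread, so a display-name From header is a case to confirm on the appliance after creating the filter.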

Very good.  I've created the message filter.  Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there.  I'll monitor for success, thanks for the fast reply.

 

GrH

You're welcome!
Glad I could help here.
