Block a tld unless from specific domains?

[DigitalEssence]

Hi,

I know this is an Exim issue and not cPanel

I'm using StoneyCreeker's excellent EXIM filter to block Spam from certain tld's but was looking for advice on how I can block all emails from a tld unless it was from specific domains.

For example I want to block emails from .info as these domains send a huge amount of spam but squarespace and screwfix both use .info so I would like to allow them.

I currently have the following in /etc/antivirus.empty

if first_delivery
and (
("$h_from:" matches "[email protected]+\\\\.date[^.a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.info[^.a-zA-Z0-9_]")
)
then
headers add "Subject: [EXIM TLD FILTER] (was: $h_subject"
deliver "EXIM TLD FILTER <[email protected]>"
seen finish
endif

Can someone help with the syntax required to allow squarespace.info and screwfix.info? I'm struggling and don't want to mess up email flow on the server any more.

Thanks.​

 

[cPanelMichael]

Hello @DigitalEssence,

You could try adding a "does not contain" operator for specific domains followed by an "AND" statement. For example, based on your current filter rule, the modified one might look like this:

if first_delivery
and (
("$h_from:" does not contain "domain123.tld")
or ("$h_from:" does not contain "domain456.tld")
and ("$h_from:" matches "[email protected]+\\\\.date[^.a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.info[^.a-zA-Z0-9_]")
)
then
headers add "Subject: [EXIM TLD FILTER] (was: $h_subject:)"
deliver "EXIM TLD FILTER <[email protected]>"
seen finish
endif

Note the above rule is untested. It's simply an example of how such a rule might look.

Thank you.