Block a tld unless from specific domains?

DigitalEssence

Well-Known Member
May 21, 2014
49
5
8
cPanel Access Level
Root Administrator
Hi,

I know this is an Exim issue and not cPanel

I'm using StoneyCreeker's excellent EXIM filter to block Spam from certain tld's but was looking for advice on how I can block all emails from a tld unless it was from specific domains.

For example I want to block emails from .info as these domains send a huge amount of spam but squarespace and screwfix both use .info so I would like to allow them.

I currently have the following in /etc/antivirus.empty


if first_delivery
and (
("$h_from:" matches "[email protected]+\\\\.date[^.a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.info[^.a-zA-Z0-9_]")
)
then
headers add "Subject: [EXIM TLD FILTER] (was: $h_subject:)"
deliver "EXIM TLD FILTER <[email protected]>"
seen finish
endif

Can someone help with the syntax required to allow squarespace.info and screwfix.info? I'm struggling and don't want to mess up email flow on the server any more.

Thanks.​
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello @DigitalEssence,

You could try adding a "does not contain" operator for specific domains followed by an "AND" statement. For example, based on your current filter rule, the modified one might look like this:

Code:
if first_delivery
and (
("$h_from:" does not contain "domain123.tld")
or ("$h_from:" does not contain "domain456.tld")
and ("$h_from:" matches "[email protected]+\\\\.date[^.a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.info[^.a-zA-Z0-9_]")
)
then
headers add "Subject: [EXIM TLD FILTER] (was: $h_subject:)"
deliver "EXIM TLD FILTER <[email protected]>"
seen finish
endif
Note the above rule is untested. It's simply an example of how such a rule might look.

Thank you.