Block ALL TLDs except desired ones

Discussion in 'Installation/Configuration' started by webcrucial, Jul 31, 2019.

  1. webcrucial

    webcrucial New Member

    I've spent the ENTIRE morning reading and cannot find a possible answer to this other than it's not a good idea to block TLDs as you could lose legitimate email... but I "know" the TLDs I only want mail from. I've tried using regex to block single TLDs and that works fine using the content filter but I want .* so what is needed is the ability to stop looking at more filters once one has been satisfied... in other words -> ALLOW .com -> stop looking. So, if I don't have an ALLOW .faith, for example... it will fall to the last filter which would be REJECT .* (everything).
    It would make sense if I could use regex in blacklist but whitelist the TLD I want... assuming whitelisting is processed before blacklisting but I see no way to use regex in either whitelisting or blacklisting.
    I am finding LOTs of requests to just kill off all the novelty TLDs because they've just become a haven for spammers.
    DESPERATE FOR THIS SOLUTION
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I haven't tried this and don't use it, but I think the blacklist/whitelist configure amavisd-new, so the syntax for 'everything' would be '@.' and syntax for a tld is either '@.tld' or just '@tld'.

    Blocking in postfix would be more efficient than blocking in amavis, and can be done in a couple of ways. One is via the content filter, see https://www.howtoforge.com/tutorial/how-to-block-email-from-certain-tld-in-ispconfig/. A second option is to add an entry to smtpd_sender_restrictions to use an access map which allows the TLDs you want, then rejects all else (it's more efficient than a "content filter", but doesn't have a GUI to configure it, if that matters to you).

    It's much less efficient than blocking in postfix, but if you have a current version of spamassassin and update it regularly (e.g. nightly sa-update), the new TLDs should be handled pretty well (via 20_aux_tlds.cf).
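
The access-map option from the reply above, as an added example that is not part of the original thread or of ISPConfig: a Python checker that parses a map written in Postfix pcre_table syntax (simple `/pattern/flags action` lines only) and applies first-match-wins lookup, which is the "stop looking once one matches" behaviour asked for. The map path, the allowed TLDs, the reject text and the sample senders are assumptions.

```python
import re

# Constructed map in Postfix pcre_table syntax (hypothetical path
# /etc/postfix/sender_tld_access), meant to be referenced from main.cf as:
#   smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_tld_access
# The allowed TLDs are examples. DUNNO ends the lookup in this map without
# accepting the mail outright, so later restrictions still apply.
SENDER_TLD_MAP = r"""
# Null sender (bounces/DSNs) is looked up as "<>" by default; keep it.
/^<>$/                    DUNNO
# Allowed TLDs: first match wins, nothing below is consulted.
/\.(com|net|org)$/        DUNNO
# Everything else.
/./                       REJECT Sender TLD not accepted here
"""

RULE = re.compile(r"^/(?P<pat>.*?)/(?P<flags>[a-zA-Z]*)\s+(?P<action>.+)$")

def parse_map(text):
    """Parse simple '/pattern/flags action' lines; skip blanks and comments."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: unsupported syntax: {line!r}")
        # pcre_table is case-insensitive by default; the 'i' flag toggles that off.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"].strip()))
    return rules

def lookup(rules, sender):
    """Return the action of the first matching pattern, or None if none match."""
    key = sender if sender else "<>"  # empty envelope sender -> null sender key
    for pattern, action in rules:
        if pattern.search(key):
            return action
    return None

if __name__ == "__main__":
    rules = parse_map(SENDER_TLD_MAP)
    # Constructed sample senders; "" stands for the null sender of a bounce.
    for s in ["alice@example.com", "Bob@Mail.Example.ORG", "promo@deals.faith", ""]:
        print(f"{s or '<>':28} -> {lookup(rules, s)}")
```

On the mail server itself, `postmap -q 'promo@deals.faith' pcre:/etc/postfix/sender_tld_access` runs the same lookup against Postfix's own matcher.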
     
