Block emails from ".ru" (Mail Filter)

Discussion in 'General' started by RitariRane, Sep 6, 2021.

  1. RitariRane

    RitariRane New Member

    Hey,
    I can't figure out a way to block mails from email addresses that end with .ru
    I can't use "From" & "Contains" ".ru" because someones name can be jakob.rusman for example.
    I've tried to use "From" & "Ends with" ".ru" and "ru", doesn't work, emails still come through.
    Any idea?
    And my Action: is set to "Delete".
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. RitariRane

    RitariRane New Member

  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The per-user way to do this would be adding a spamfilter blacklist entry, but I don't think you can use that right now. The syntax for amavisd would be '@.ru' but you can't add that via the ui (probably needs a bug report filed); I don't think any syntax works for rspamd in the current form (adding an entry to settings), though you could manually configure a rule for it (probably start with the multimap module if you do, and watch for a future ispconfig version to manage mutlimap, so you don't loose your config).

    What you can do with current ispconfig is add a custom mail filter for the mailbox and discard these with sieve, using source Header, Matches Regex, 'Return-path: <.+?@(.+\\.)+\\.ru>'. That doesn't 'block' it in the 'reject in smtp' sense, but the mail won't end up in a user's mail folders.
     
  5. RitariRane

    RitariRane New Member

    Hey @Jesse Norell
    Thanks for the answer,
    this is not right, right?
    ### BEGIN FILTER_ID:121
    if header :regex ["from"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:121
    Doesnt seem to work, did i understand your answer right? I think my code is wrong
     
    Last edited: Sep 27, 2021
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Correct, you are matching the From header for that full Return-path header format, which is wrong; change "Source" from "From" to "Header".
     
  7. RitariRane

    RitariRane New Member

    Thanks so much, i fixed it, but still emails from .ru come through?
    ### BEGIN FILTER_ID:126
    if header :regex ["header"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:126
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Please copy the return-path header from some of those messages here.
     
  9. RitariRane

    RitariRane New Member

    Im testing this snippet of code with 2 ".fi" ending domains.
    I have my main mail: ____.fi, i send a test mail to mail #2 (where the custom rule is applied)

    ### BEGIN FILTER_ID:126
    if header :regex ["header"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:126

    it still comes through, the return path header of the emails is normal, my main mail's email address ending with .fi
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  11. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That should be: Return-Path: <.+@(.+)+\\.ru>

    Note when using these regex testers you must escape with a single slash, so your regex to test would be more like: <.+@(.+)+\.ru>

    Sieve escaping requires double-slashes, so just double all the backslashes once you have a working regex.
     
  12. RitariRane

    RitariRane New Member

    upload_2021-9-30_8-51-39.png
    this regex thing doesnt seem to be correct, sorry im a big noob but what modifications i need to do to block @________.ru?

    @Jesse Norell @Taleman
     
  13. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    See my last reply, both for the corrected regex to use as well as how to modify it if you want to use a regex tester.
     

Share This Page