Block emails from ".ru" (Mail Filter)

Discussion in 'General' started by RitariRane, Sep 6, 2021.

  1. RitariRane

    RitariRane New Member

    Hey,
    I can't figure out a way to block mails from email addresses that end with .ru
    I can't use "From" & "Contains" ".ru" because someones name can be jakob.rusman for example.
    I've tried to use "From" & "Ends with" ".ru" and "ru", doesn't work, emails still come through.
    Any idea?
    And my Action: is set to "Delete".
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  3. RitariRane

    RitariRane New Member

  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The per-user way to do this would be adding a spamfilter blacklist entry, but I don't think you can use that right now. The syntax for amavisd would be '@.ru' but you can't add that via the ui (probably needs a bug report filed); I don't think any syntax works for rspamd in the current form (adding an entry to settings), though you could manually configure a rule for it (probably start with the multimap module if you do, and watch for a future ispconfig version to manage mutlimap, so you don't loose your config).

    What you can do with current ispconfig is add a custom mail filter for the mailbox and discard these with sieve, using source Header, Matches Regex, 'Return-path: <.+?@(.+\\.)+\\.ru>'. That doesn't 'block' it in the 'reject in smtp' sense, but the mail won't end up in a user's mail folders.
     
  5. RitariRane

    RitariRane New Member

    Hey @Jesse Norell
    Thanks for the answer,
    this is not right, right?
    ### BEGIN FILTER_ID:121
    if header :regex ["from"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:121
    Doesnt seem to work, did i understand your answer right? I think my code is wrong
     
    Last edited: Sep 27, 2021
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Correct, you are matching the From header for that full Return-path header format, which is wrong; change "Source" from "From" to "Header".
     
  7. RitariRane

    RitariRane New Member

    Thanks so much, i fixed it, but still emails from .ru come through?
    ### BEGIN FILTER_ID:126
    if header :regex ["header"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:126
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Please copy the return-path header from some of those messages here.
     
  9. RitariRane

    RitariRane New Member

    Im testing this snippet of code with 2 ".fi" ending domains.
    I have my main mail: ____.fi, i send a test mail to mail #2 (where the custom rule is applied)

    ### BEGIN FILTER_ID:126
    if header :regex ["header"] ["Return-path: <.+?@(.+\\.)+\\.ru>"] {
    discard;
    stop;
    }
    ### END FILTER_ID:126

    it still comes through, the return path header of the emails is normal, my main mail's email address ending with .fi
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  11. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    That should be: Return-Path: <.+@(.+)+\\.ru>

    Note when using these regex testers you must escape with a single slash, so your regex to test would be more like: <.+@(.+)+\.ru>

    Sieve escaping requires double-slashes, so just double all the backslashes once you have a working regex.
     
  12. RitariRane

    RitariRane New Member

    upload_2021-9-30_8-51-39.png
    this regex thing doesnt seem to be correct, sorry im a big noob but what modifications i need to do to block @________.ru?

    @Jesse Norell @Taleman
     
  13. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    See my last reply, both for the corrected regex to use as well as how to modify it if you want to use a regex tester.
     

Share This Page