Lately I am getting a lot of mails with spam that links to a specific phishing website, and I tried a few different regex patterns to block the mails that contain the link to that website, but I am failing to block the mails. The email content is just some generic stuff like: So my guess is, this should fall into a regex pattern for Body Filter to block any email that contains `domainname.tld` in the email, whether it is in a link or just text; as long as the email content contains that domain name, block the email. The settings should be in the ISPConfig control panel under Email > Server settings > Content Filter, and just add a regex pattern under the Body Filter option, I guess? But I am failing with the pattern, I guess. Can someone help me out with a pattern example, please?
There is this tutorial: https://www.howtoforge.com/tutorial/how-to-block-email-from-certain-tld-in-ispconfig/ . Choose body filter instead of header filter. Also read the comments. Regex websites help with testing the correct pattern. Use Internet search engines with: regex tester
I did read exactly this tutorial and it helped me block some spam emails, but in this case I am failing to block when the domain name is in the content. I know I need to use the body filter instead of the header filter and the regex should be something simple, but in this case it's not working; the emails keep coming through.
You could try:
Code:
/^(?:https?:\/\/)?(?:[^.]+\.)?telegra\.ph(\/.*)?$/i
This will match any of these, case insensitive (see the 'i' at the end, so "tElEgRa.Ph" is valid too):
Code:
https://telegra.ph
http://telegra.ph
http://www.telegra.ph
https://www.telegra.ph
www.telegra.ph
telegra.ph
And one thing that might affect the effectiveness of a regex on the email body is that the regex is run on the raw body content of the email by postfix (at least as far as I know); emails can be encoded in various ways that might cause a regex to not match. So using a mailbox filter instead (which is run by dovecot and not postfix) might be worth a try, if the suggestions from @pyte about improving the regex do not help.
The statement of till is correct. If the mail is Base64 encoded, for example, your regex has to match that Base64 to match. I don't know your setup, but for filtering content I would use rspamd with a multimap content filter. You can test your regex with postfix with this:
Code:
cat badmail.eml | postmap -v -b -q - pcre:/path/to/contentfilter.pcre
This will give you verbose output showing whether a line matches or not.
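As an added example (not code from any post in this thread), the Python sketch below checks a pattern line by line against the undecoded body, the way the posts above describe the Postfix body filter working, and then against the decoded text. The sample message, the unanchored pattern and the use of Python's `re` in place of PCRE are assumptions of the example.

```python
import base64
import re
from email import message_from_string

# Python's re stands in for Postfix PCRE here (assumption; same result for these patterns).
ANCHORED = re.compile(r"^(?:https?:\/\/)?(?:[^.]+\.)?telegra\.ph(\/.*)?$", re.I)  # from the thread
UNANCHORED = re.compile(r"\btelegra\.ph\b", re.I)  # hypothetical alternative, not from the thread

def build_sample(encoding):
    """Constructed test message; the link path is made up."""
    text = "Hello, please confirm here: https://telegra.ph/abc-01-01 today\n"
    body = base64.encodebytes(text.encode()).decode() if encoding == "base64" else text
    return ("From: a@example.com\nTo: b@example.org\nSubject: test\n"
            "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n"
            f"Content-Transfer-Encoding: {encoding}\n\n{body}")

def raw_body_lines(eml):
    """Body lines as a line-by-line filter on the undecoded message sees them."""
    return eml.split("\n\n", 1)[1].splitlines()

def decoded_lines(eml):
    """Text parts after undoing the Content-Transfer-Encoding."""
    lines = []
    for part in message_from_string(eml).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            lines += data.decode(charset, "replace").splitlines()
    return lines

def check(eml, pattern):
    """Return (matches raw body, matches decoded text)."""
    raw = any(pattern.search(line) for line in raw_body_lines(eml))
    decoded = any(pattern.search(line) for line in decoded_lines(eml))
    return raw, decoded

if __name__ == "__main__":
    for enc in ("7bit", "base64"):
        for name, pat in (("anchored", ANCHORED), ("unanchored", UNANCHORED)):
            print(enc, name, check(build_sample(enc), pat))
```

On the constructed samples the unanchored pattern matches the 7bit raw body but not the Base64 one, and the `^...$` pattern matches neither because the link sits inside a longer line.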