Hi, 1) I'm trying to install some mail content filters, and found some quite complex examples which I cannot say for sure are 100% OK. Can anyone confirm? https://www.lexo.ch/blog/2017/04/so...iltering-viagra-spam-junk-e-mails-with-regex/ Code: /^From:.*\b([v|4]{1,2}(.){0,1}[li1j\!\|]{1,2}(.){0,1}[a4@]{1,2}(.){0,1}[g]{1,2}(.){0,1}[r]{1,2}(.){0,1}[a4@]{1,2})\b.*/ Code: /^Subject:.*(?=.*\b([v|4]{1,2}(.){0,1}[li1j\!\|]{1,2}(.){0,1}[a4@]{1,2}(.){0,1}[g]{1,2}(.){0,1}[r]{1,2}(.){0,1}[a4@]{1,2})\b)(?=.*(urgent|immediate|fast|cheap|sofort|g(.){0,2}nstig(e|es)?|preis|generica)).*/ https://blog.taurus2.co.uk/2012/11/headerchecks-bodychecks-and-regexp.html This seem to be OK. Code: /[rR]eplica(s)? [wW]atch(es)?|[lL]eather|[sS]hoes|[bB]oots|[fF]ootwear[\.\? ]?/ 2) What is correct way to implement forged domain mail filter? Thanks in advance.
In the email module, under Content Filter, you can add a content filter to filter the body of email messages. For regexp pattern, enter your regex. Choose discard or reject as action. This is described in the ISPConfig manual, 4.7.6.3.
I know where to enter them. The question was if 2 first regexps are correct. I can't make mistakes on production server.
You can test a regex to see if it matches the mails you want to catch with tools like https://regex101.com/ or https://regexr.com/ which is mentioned in the article you're referring to aswell. But I don't think it's a good idea to discard all mails including things like "urgent" in the subject. Are you using amavis for spamfiltering right now? In my experience, rspamd does a way better job at spamfiltering. I switched a few months ago and I am very satisfied. Maybe this would be a better solution for you?
See https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig/ for a guide on how to do this.