Filter out unwanted TLDs


My client is getting HUGE quantities of spam from abroad. They only receive email from .com .net .org. How can we simply dump the rest? How do I make a list of the above so it kicks everything else on arrival?


by Richeyyy 3 years ago

Hello Richeyyy,

You can do this by adding a regular expression to the Sender Blacklist that matches every TLD but the specified ones:

1. Start the ORF Administration Tool and connect to the local or remote ORF instance
2. Navigate to the Sender Blacklist page (Blacklists > Sender Blacklist)
3. Click New
4. Select the 'Regular expression (Perl-compatible)' mask type
5. Enter the following expression into the ‘Email address/mask field’: (?!.*\.(com|uk|org|etc|etc|etc))
6. Click OK
7. Save the configuration to apply the filter (CTRL + S or File > Save Configuration)

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 3 years ago

Thank you for that

In line 5, if I put these in, are they the ones that will be blocked or allowed? I would rather only allow the ones you have specified, and putting them in the blacklist seems like they will be blocked?

by Richeyyy 3 years ago

Hello Richeyyy,

I understand your concern, however I can assure you that this is the regular expression you would want to use in this case. Here is a short explanation of the metacharacters used in the regex (?!.*\.(com|uk|org|etc|etc|etc)):

(?!foo) - (negative lookahead) This is a negative lookahead assertion, which is used to match something only if it is NOT followed by 'foo'. For example, the regex 'Corben (?!Dallas)' will match 'Corben ' if it is NOT followed by 'Dallas'.
. - (dot) Matches any one character.
* - (star) This is a repetition metacharacter or quantifier, which matches the character preceding it, any number of times.
\ - (escaped 'character') Matches the literal 'character' after the backslash. In our case, the dot character (\.).
() - (parentheses) Limits the scope of alternation.
| - (alternation) Matches either expression it separates.

A crude translation of the regex would read - The regex will match(=blacklist) everything by default, but it will NOT match if a dot character - preceded by any character - is followed by the characters 'com' or 'uk' or 'org' or 'etc'.

I hope this helps.

by Daniel Novak (Vamsoft) 3 years ago

@Daniel Novak (Vamsoft): Ok that's a very useful explanation!

Sorry to be a pain but a lot of the spam we are getting is from etc, how would we deal with this?

by Richeyyy 3 years ago


@Richeyyy: In that case, simply "anchor" the pattern to the end of the line with the $ (dollar) metacharacter: (?!.*\.(com|uk|org|etc|etc|etc)$)

You can test the regex in the Email Address Expression dialog (Blacklists > Sender Blacklist > New). Make sure to select the 'Regular expression (Perl-compatible)' mask type, though.

by Daniel Novak (Vamsoft) 3 years ago
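
The following is an added example, not part of the original thread and not Vamsoft's code. It runs the two expressions from the replies above (with the "etc" placeholders dropped) over constructed sender addresses to show which ones the `$` anchor catches. Python's `re` stands in for the Perl-compatible engine, and two things are assumptions: that the filter tries the expression from the first character of the address, and the `^`-prefixed `PINNED` variant, which is added for engines that search at any offset.

```python
import re

# Expressions quoted in the thread, with the "etc" placeholders dropped.
UNANCHORED = re.compile(r"(?!.*\.(com|uk|org))")
ANCHORED = re.compile(r"(?!.*\.(com|uk|org)$)")
# Added variant (not from the thread): "^" pins the test to the first character.
PINNED = re.compile(r"^(?!.*\.(com|uk|org)$)")

# Constructed sample senders; none come from real mail.
SAMPLES = [
    "alice@example.com",
    "bob@example.co.uk",
    "promo@example.ru",
    "promo@mail.com.example.ru",     # ".com" as an inner domain label
    "john.company@example.cn",       # ".com" inside the local part
    "news@shop.organic.example.ru",  # ".org" as the start of a longer label
]

def blacklisted(pattern, sender):
    """True if the expression matches when tried from the start only
    (assumption about how the filter applies it; mirrors re.match)."""
    return pattern.match(sender) is not None

def blacklisted_anywhere(pattern, sender):
    """Same test under search semantics: the engine may start at any offset."""
    return pattern.search(sender) is not None

def report():
    """One row per sample: results for each expression and matching mode."""
    return [
        (s,
         blacklisted(UNANCHORED, s),
         blacklisted(ANCHORED, s),
         blacklisted_anywhere(ANCHORED, s),
         blacklisted_anywhere(PINNED, s))
        for s in SAMPLES
    ]

if __name__ == "__main__":
    print(f"{'sender':30} unanch anchored search pinned")
    for s, u, a, srch, p in report():
        print(f"{s:30} {u!s:6} {a!s:8} {srch!s:6} {p!s}")
```

Under search semantics the anchored expression matches every address, because the lookahead can succeed at an offset past the last dot; the `^` prefix gives the same result in both modes.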