Filter out unwanted TLD's - ORF Forums

Filter out unwanted TLD's RSS Back to forum


My client is getting HUGE quantities of spam from abroad. They only recieve email from .com .net .org . How can we simply can dump the rest? how do I make a list of the above so it kicks eveything else on arrival?


by Richeyyy 3 years ago

Hello Richeyyy,

You can do this by adding a regular expression to the Sender Blacklist that matches every TLD, but the specified ones:

1. Start the ORF Administration Tool and connect to the local or remote ORF instance
2. Navigate to the Sender Blacklist page (Blacklists > Sender Blacklist)
3. Click New
4. Select the 'Regular expression (Perl-compatible)' mask type
5. Enter the following expression into the ‘Email address/mask field’: (?!.*\.(com|uk|org|etc|etc|etc))
6. Click OK
7. Save the configuration to apply the filter (CTRL + S or File > Save Configuration)

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 3 years ago

Thank you for that

In line 5. if I put these in are they the ones that will be blocked or allowed? I rather only want to allow the ones you have specified and putting them in the blacklist seems like they will be blocked?

by Richeyyy 3 years ago

Hello Richeyyy,

I understand you concern, however I can assure you that this is the regular expression you would want to use in this case. Here is a short explanation of the metacharacters used in the regex (?!.*\.(com|uk|org|etc|etc|etc)):

(?!foo) - (negative lookahead) This is a negative lookahead assertion, which is used to match something only if it is NOT followed by 'foo'. For example, the regex 'Corben (?!Dallas)' will match 'Corben ' if it is NOT followed by 'Dallas'.
. - (dot) Matches any one character.
* - (star) This is a repetition metacharacter or quantifier, which matches the character preceding it, any number of times.
\ - (escaped 'character') Matches the literal 'character' after the backslash. In our case, the dot character (\.).
() - (parentheses) Limits the scope of alternation.
| - (alternation) Matches either expression it separates.

A crude translation of the regex would read - The regex will match(=blacklist) everything by default, but it will NOT match if a dot character - preceded by any character - is followed by the characters 'com' or 'uk' or 'org' or 'etc'.

I hope this helps.

by Daniel Novak (Vamsoft) 3 years ago

@Daniel Novak (Vamsoft): Ok that's a very useful explanation!

Sorry to be a pain but a lot of the spam we are getting is from etc, how would we deal with this?

by Richeyyy 3 years ago
(in reply to this post)


@Richeyyy: In that case, simply "anchor" the pattern to the end of the line with the $ (dollar) metacharacter: (?!.*\.(com|uk|org|etc|etc|etc)$)

You can test the regex in the Email Address Expression dialog (Blacklists > Sender Blacklist > New). Make sure to select the 'Regular expression (Perl-compatible)' mask type, though.

by Daniel Novak (Vamsoft) 3 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2