Our customer receives only spam from a certain Top Level Domain, in our case it was .icu. The customer assumes they will never receive legitimate E-Mails from this top level domain. They want all emails from this top level domain to be blacklisted.

According to the MailWatch FAQ (https://docs.mailwatch.org/using/faq.html), question “Can I use wildcards when using the Blacklist/Whitelist (SQLBlackWhiteList)?”, matching top level domains is not currently supported.

So we changed our file /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm

In sub LookupList, add $fromtld to the local variables, and use a regular expression to get the fromtld from the message->fromdomain.

Then we added some lines like $BlackWhite->{$to}{$fromtld}; and we are done.

#
# Based on the address it is going to, choose the right spam white/blacklist.
# Return 1 if the "from" address is white/blacklisted, 0 if not.
#
sub LookupList {
  my($message, $BlackWhite) = @_;
 
  return 0 unless $message; # Sanity check the input
 
  # Find the "from" address and the first "to" address
  my($from, $fromdomain, @todomain, $todomain, @to, $to, $ip, $fromtld);
  $from       = $message->{from};
  $fromdomain = $message->{fromdomain};
  @todomain   = @{$message->{todomain}};
  $todomain   = $todomain[0];
  @to         = @{$message->{to}};
  $to         = $to[0];
  $ip         = $message->{clientip};
  $fromtld    = $message->{fromdomain};
  ($fromtld)  = $fromtld =~ /(\.\w+)$/;
 
  # It is in the list if either the exact address is listed,
  # or the domain is listed
  return 1 if $BlackWhite->{$to}{$from};
  return 1 if $BlackWhite->{$to}{$fromdomain};
  return 1 if $BlackWhite->{$to}{$fromtld};
  return 1 if $BlackWhite->{$to}{$ip};
  return 1 if $BlackWhite->{$to}{'default'};
  return 1 if $BlackWhite->{$todomain}{$from};
  return 1 if $BlackWhite->{$todomain}{$fromdomain};
  return 1 if $BlackWhite->{$todomain}{$fromtld};
  return 1 if $BlackWhite->{$todomain}{$ip};
  return 1 if $BlackWhite->{$todomain}{'default'};
  return 1 if $BlackWhite->{'default'}{$from};
  return 1 if $BlackWhite->{'default'}{$fromdomain};
  return 1 if $BlackWhite->{'default'}{$fromtld};
  return 1 if $BlackWhite->{'default'}{$ip};
 
  # It is not in the list
  return 0;
}
Now you can define .icu on your Blacklist in MailWatch. Beware of the leading dot, don’t forget that!
MailWatch & MailScanner: TLD on Blacklist
Markiert in: