How to Block Email from certain TLDs (Top Level Domains) in ISPConfig
Spam is an annoyance and there's a multitude of ways to counteract it. However, spammers also get smarter and try to bypass filters and stuff. In addition, ICANN has lately approved a great many gTLDs (generic Top Level Domains), like .biz, .info etc. Some of those gTLDs are, in my opinion, exclusively used by spammers. Lately, I have gotten a lot of spam from the .xyz gTLD. So the question was how to block email coming from domains using that gTLD.
ISPConfig offers some global filters and they can be used to block all such emails and I'll show you how to do that.
1. Log into ISPConfig as Administrator
The first thing you have to do is to log in to ISPConfig with an admin account. The reason for this is that the global filters are being modified.
2. Go to the Global Content Filters
Once you've logged in as administrator, click on the Email tab in the top navigation menu and then select the Content Filter entry in the Global Filters section of the left-hand menu.
3. Add new Content Filter
Once the Postfix Header and Body Checks page is loaded, click on the button to Add new Content Filter.
4. Fill in the Filter form and submit
Now the Mail Content Filter form has been opened and you can set various things there.
1. You need to select the server.
2. Make sure to set Filter to Header Filter.
3. The Pattern: The Regexp. Pattern form field holds the regular expression that is checked against the header contents of an email to see whether they contain the unwanted TLD. For the TLD .xyz you'll have to enter the following pattern:
/<.+?@.+?\.xyz>/
Let's split this up a bit. The forward slashes "/" are the delimiters for the pattern. The "<" and ">" are literal characters. Email addresses are always enclosed in those brackets in the mail header. After the opening "<" the pattern looks for any number of characters, followed by an "@". After the "@" it looks again for any number of characters until the literal string ".xyz". The "." in that literal string is escaped, since a "." in regular expressions has a special meaning. By escaping it, we tell the parser that it's a literal character and not the special regexp one. Finally, it looks for the closing bracket after the TLD. For those proficient with globs, one could say that this pattern is like "<*@*.xyz>".
The Data field can be left empty. However, its content is written to the mail log and it can also tell other mail servers why their email is being rejected. For this reason, it's a good thing to give it a meaningful entry, e.g. "No mail from .xyz gTLD allowed". Meaningful text makes it easier to figure out which filter rule is responsible for blocking an email. If someone complains about email not being received, check the mail log and you'll see the reason (= Data field) for it.
4. You can set which Action to take if the pattern matches. The recommendations here are either Reject or Discard. Reject means the mail won't be accepted by the mail server, and the sending mail server will be informed about it with the content of the Data form field given as the reason. If you choose Discard, the mail server will just delete the email.
5. Of course, the Activate checkbox also needs to be checked. Otherwise this filter pattern isn't processed. Finally, press the Save button.
5. Repeat this for other TLDs
Repeat the above steps for other TLDs you want to have blocked. Since you already have one entry, you can simply copy the Regexp. Pattern and adjust the TLD text string accordingly.
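
Before switching a rule to Reject or Discard, it helps to see which header lines the pattern from step 4 actually hits, because Postfix applies a header check to every header line and not only to From. The following is an added example, not part of ISPConfig or the original article: the function names and sample headers are constructed, and Python's re module stands in for the Postfix regexp engine (an assumption that holds for these samples).

```python
import re

def tld_pattern(tld):
    """Build the article's pattern for one TLD, without the surrounding slashes."""
    return r"<.+?@.+?\." + re.escape(tld.lstrip(".")) + ">"

def matching_headers(tld, header_lines):
    """Return the names of the header lines the rule would match.

    Postfix tests each header line on its own, and its regexp tables
    are case-insensitive by default, hence re.IGNORECASE.
    """
    rx = re.compile(tld_pattern(tld), re.IGNORECASE)
    return [line.split(":", 1)[0] for line in header_lines if rx.search(line)]

# Constructed sample headers (not taken from real messages).
FROM_XYZ = [
    "From: Offers <news@promo.example.xyz>",
    "To: <alice@example.org>",
    "Message-ID: <20240101.1@promo.example.xyz>",
    "Subject: Hello",
]
# Sender is not in the blocked TLD, but a Cc recipient is.
CC_XYZ = [
    "From: Bob <bob@example.com>",
    "To: <alice@example.org>",
    "Cc: Carol <carol@partner.example.xyz>",
    "Subject: Meeting notes",
]
CLEAN = [
    "From: Bob <bob@example.com>",
    "To: <alice@example.org>",
    "Subject: xyz report",
]

if __name__ == "__main__":
    print("Pattern to paste: /" + tld_pattern("xyz") + "/")
    for name, msg in (("FROM_XYZ", FROM_XYZ), ("CC_XYZ", CC_XYZ), ("CLEAN", CLEAN)):
        hits = matching_headers("xyz", msg)
        print(name, "->", "rule matches " + ", ".join(hits) if hits else "no match")
```

The CC_XYZ case shows that a message from an unrelated sender is also caught when any bracketed address in its headers ends in the blocked TLD, which is worth knowing before choosing Discard, since discarded mail leaves no bounce for the sender.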