Resolved Want to blacklist spam from a specific user name but have wildcards in the domain. Possible?

[David Borrink]

Server operating system version

CentOS 7.9

Plesk version and microupdate number

Plesk Obsidian 18.0.55 Update #2, last updated on Sept 28, 2023 03:36 AM

I am getting dozen of emails every day to my and my wife's email from the same source. They all have "Alex" as the name of the sender, but the email address changes constantly, though the domain always ends in .ru. I'd like to know if it's possible to set up a email block rule that would be something like this: all emails with a sender of "Alex" and any wildcard domain that ends with ".ru".

 

[Jokers]

Hello David,



I can think a fast and effective method if you’re using round cube, (it’s not needed to use the webmail, just add the filter once). Open Round cube > use your login details, > Settings > Filters > add new, and there you can customize depending your needs.



Other way, I’m thinking is via spam filter.

But there you’re limited with wildcard which can cause you blocking emails that you might need to receive. Also, Round cube, can set to match all your rules.

 

[Kaspar]

I can think a fast and effective method if you’re using round cube, (it’s not needed to use the webmail, just add the filter once). Open Round cube > use your login details, > Settings > Filters > add new, and there you can customize depending your needs.

That's actually a good and (some what) easy solution. Thanks for sharing.

 

[David Borrink]

I can think a fast and effective method if you’re using round cube, (it’s not needed to use the webmail, just add the filter once). Open Round cube > use your login details, > Settings > Filters > add new, and there you can customize depending your needs.

Okay, that seems to work. I "trapped" six of 'em last night using that method. Nice. Thanks for the tip!

 

[Jokers]

I'm happy that i helped. Of course. Good for you!

 

[David Borrink]

And I caught 11 more today. It's doing exactly what I ask. All the "Alex" emails are nailed in my "deleted items" folder on Roundcube. I can collect and discard once in a while. At least it keeps them out of my main mail app on my desktop.

 

[Change Maker]

Is there information on how you did this exactly. I'm looking in Roundcube, and can't get the create filter to operate. It's greyed out.
Also is it possible to do this on all accounts on a domain, without doing it one at a time?

 

[Change Maker]

I don't want to do this just on one email, but server wide and add domain wildcards? I know why it was greyed out because it wasn't selected, but I've created a Filter now however, it is only for the one email account? Anyone got any knowledge on this? Thanks

 

[Change Maker]

I couldn't delete the last post as it was over the 4 min limit. (any other way to remove a post)
Anyway I wanted to share what I've done and ask anyone whether the wildcard "?" in the domain name would work in this filter.


Also, is there a limit to how many more From-Contains could I add to the filter. (I know I would have to change "all of the following" to any of them.

 

[Kaspar@Plesk]

I don't want to do this just on one email, but server wide and add domain wildcards? I know why it was greyed out because it wasn't selected, but I've created a Filter now however, it is only for the one email account? Anyone got any knowledge on this? Thanks

If you like to block emails from certain senders on server level you can do so via the Spam Filter Black/Block list (Tools & Settings > Spam Filter).

Anyway I wanted to share what I've done and ask anyone whether the wildcard "?" in the domain name would work in this filter.

Wildcards can't be used when using the contains comparator. You can use matches expression instead, which allows you to use ? as a wildcard to match a single character or * as a wildcard to match zero or more characters.

Also, is there a limit to how many more From-Contains could I add to the filter. (I know I would have to change "all of the following" to any of them.

There is no hard limit. But if you're going to add hundreds of rules it might impact your server performance a little.

 

[Change Maker]

Thanks Kaspar
Those answers are very helpful.
I've been trying that on a couple of email domains. An example today is shown below. There are usually a few regular culprits so I'm hoping to nip these in the bud. I understand if there are too many, how it may impact. I will be looking eventually to use a 3rd party service, but keeping costs low for now as I'm not getting revenues till a Soft-Launch of my SaaS Platform after September. We're unusual in that as a business, we're donating money to local people in local communities from day one, and providing transparency as it happens. Lots of challenges ahead.

 

[Change Maker]

It remains now to be seen, whether these wildcards work. Time will tell.

 

[Kaspar@Plesk]

It remains now to be seen, whether these wildcards work. Time will tell.

Based on the screen shot from your previous post I can tell with a great degree of certainty that the rules won't be effective. Because as I mentioned on my previous post:

Wildcards can't be used when using the contains comparator. You can use matches expression instead, which allows you to use ? as a wildcard to match a single character or * as a wildcard to match zero or more characters.

You'll have to replace the contains comparator for matches expression.

 

[Change Maker]

Sorry Kaspar. So that I understand can I ask then if for the first one I show, what would be the correct parameters as wheat-*.asia has quite a number of servers that send spam. The numbers can have 3 digits. Am I supposed to use wheat-???.asia for example?

 

[Kaspar@Plesk]

On your rules, change contains option, highlighted in the red box on the image below, to matches expression. (And do that for all your rules on which you use a wildcard).

 

[Change Maker]

Thanks. So you can see what I've done in this example now and I want to check my understanding of ? being used as a wildcard as explained in my last response. See the Red Highlight. I explained that there are usually 3 numbers which are different domains, where I've typed ??? from this domain.

 

[Kaspar@Plesk]

A question mark wil be used a wildcard that matches any other character (including digits). So using three question marks will match three characters. But beware that each question mark covers exactly one character. So if the domain your trying to block has two digits instead of three your rule won't work.

 

[Change Maker]

Thanks for that. Yes this particular domain uses 3 digits, but your point is noted. I do hope this thread helps others who are considering Wildcards in Spam Filters.

 

[Change Maker]

Here we can now see that the wildcard of ??? used in the way I previously illustrated doesn't work.
Now it may not be a perfect system, but today I received a spam from the url I tried to block, as you can see.
I'm recording it to help anyone else trying this, and to get the input of people like Kaspar who may have further comments or suggestions.
I'm thinking that we can't overcome Spoofing. The oversea08 email is the one that's being used, but the reality is that it came via the .asia route.
Thanks

 

[mow]

View attachment 26521
Here we can now see that the wildcard of ??? used in the way I previously illustrated doesn't work.
Now it may not be a perfect system, but today I received a spam from the url I tried to block, as you can see.
I'm recording it to help anyone else trying this, and to get the input of people like Kaspar who may have further comments or suggestions.
I'm thinking that we can't overcome Spoofing. The oversea08 email is the one that's being used, but the reality is that it came via the .asia route.
Thanks

Are you sure that [email protected] is in the From: header and not Sender:? Please post the message headers.