Use wildcard to block spam at the end via regexp in bad_sender_hosts, how?

[Richard G]

I don't know regexp so I need some help.

The various blacklistfiles in the /etc/virtual directory are based on nwildlsearch which means if you use a * wildcard, it has to be in the beginning of the line for example *.store, you can't use someting.* in these files.
That's how I thought this only would work with the nwildlsearch method.

But I thought there should be a better way so I searched and now I found these examples on the internet for nwildlsearch usage:

[email protected]
*@somespamsite.com
*@someotherspamsite.com
^known-first-part@mail[.].*
^another-known-first-part@.*

with this explaining text belonging to it.

Note that the * wilcards only work for the leading part of theaddress. For any other wildcarding – for example, ignoring thetrailing part of the address – we have to use a regular expression(cued by starting the line with ^).

That contains the word "regular expression" and then abracadabra starts in my head.

Now we are receiving spam from addresses like this:
mail-koreacentralazolkn19012059.outbound.protection.outlook.com
now the mail-koreacentralazolkn part stays the same, but the number often changes.

Am I correct I would be able to block these too in the bad_sender_hosts like this with a * at the end, when using a ^in front of the line?
^mail-koreacentralazolkn*
or am I undersanding this incorrectly? Maybe @zEitEr you have a clue?

 

[zEitEr]

Hello Richard,

Thank you for tagging me here. I'm under an impression, that * wilcards only work for the leading part of the address.

I will need to check the other way to use the things first. Then I will be able to reply.

 

[kristian]

Am I correct I would be able to block these too in the bad_sender_hosts like this with a * at the end, when using a ^in front of the line?
^mail-koreacentralazolkn*

If it in fact turns into a regex parse by using ^ at the start, then simply * alone would not match "anything else", because it's a modifier in regex. You'd need to use .* which would mean "any character" (.) zero or more times (*).

So, maybe this will work: ^mail-koreacentralazolkn.*

 

[Richard G]

If it in fact turns into a regex parse by using ^ at the start, then simply * alone would not match "anything else", because it's a modifier in regex. You'd need to use .* which would mean "any character" (.) zero or more times (*).

So, maybe this will work: ^mail-koreacentralazolkn.*

Aha! Thank you very much. From the example's the dot was on a logical place. So I didn't know if it was there because it should be there, or if it was part of the regular expression (as I don't know about RE's).

If I can bother you another time, then what would it be if I really wanted the dot included for some reason?
For example I now block *@something.adomain.com but I don't want to block *@something.adomain.org would it be a double dot then so like:
^*@something.*.com or ^.*@something.*.com or something else?
Because in the blacklist_senders file e-mail addresses are used. So I'm puzzling still with the wildcard front and end or between and the @ for email address.