We are getting flooded with html spam that contains the cn TLD in a link. Eg:

abcde.cn

Will this filter work?

if grep -iq '.cn'; then exit 99; fi

what I'm concerned about is the period before cn affecting the script in a manner that I don't understand and wiping out good emails.

Any thoughts?

Will this filter work?

if grep -iq '.cn'; then exit 99; fiThat will block any message having the string "cn" in it not at the start of a line (the "." is interpreted as "any one character"). You probably want something like the following:if grep -iq '\.cn["/]'; then exit 99; fiThis will match the literal strings '.cn"' (for things like '<a href="http://foo.cn">') and '.cn/' (for things like 'http://foo.cn/blah'). If those strings appear in an innocuous message, though, it will be silently dropped just the same as the Chinese spam.

Hello Bruce,

I've tried your code suggestion but your filter is deleting all the informations from the email. If I send an email to the protected address, the mail was sent from "Unknown" with no subject.

-Manfred

The only way that recipe should be able to modify the content at all is if it was installed as a "processor" instead of a "simple filter". I see a similar custom filter recipe installed on one of your domains now but with a typo that will cause all mail to that mailbox be deferred (note the unbalanced quotes):if grep -iq .cn'; then exit 99; fiAm I looking at the right domain?

I did try the simple filter as I posted on a test account and it was killing all incoming email.

I used Bruce Guenter's suggestion (thank you very much) and so far test emails are getting through. Will do a bit more testing.

And of course, the .cn spam has subsided for the moment . . .

Ahhh, my mistake. I did install it as a "processor". Thank you Bruce :)