Yes and no... Since it's the from header you need to anchor it with > as 
it contains more than the address.  and use 'rexp' instead of 'isin' if 
you wish to use regular expression syntax.


     ChrisP.



On 13/07/2016 12:55 a.m., Steve Perrault wrote:
> Can you anchor that with a $?
>
> For instance, HIDDEN@in$"
>
> I get a lot of new domains with proper MX/SPF records ending with .win 
> or these other new TLD's
>
> Problem is, .win matches a lot of our customer domains without the 
> anchor (we're based in Windsor, Ontario)
>
> - SteveP
>
> On 7/11/2016 6:46 PM, surgemail-support wrote:
>> In mfilter.rul
>>
>>     if (isin("from",HIDDEN@om")) then
>>         reject "not wanted thanks"
>>     end if
>>
>> ChrisP.
>>
>>
>> On 12/07/2016 12:00 a.m., Lyle wrote:
>>> From header.
>>>
>>> Lyle
>>>
>>> On 07/10/16 20:49, surgemail-support wrote:
>>>> Do you mean sent with a 'from' header of xyz.com, or by an 
>>>> authenticated user ofHIDDEN@z.com or with a return path of xyz.com, 
>>>> or something else ?
>>>>
>>>>     ChrisP.
>>>>
>>>>
>>>>
>>>> On 11/07/2016 1:13 p.m., surgemailHIDDEN@etwinsite.com wrote:
>>>>> I have a wordpress site that has been hacked.  The hackers 
>>>>> apparently uploaded multiple copies of basically the same script 
>>>>> that allows them to send email from that website.  I think I have 
>>>>> found the infected files and the security issue that they 
>>>>> exploited to upload their scripts, but ...
>>>>>
>>>>> In Surgemail, I want to block any email being sent from domain 
>>>>> xyz.com.  The emails are being sent via smtp auth from the 
>>>>> webserver with <various namesHIDDEN@om.  I want to block emails 
>>>>> from xyz.com from being sent out. Either drop them or pass them to 
>>>>> a special mailbox folder somewhere.  (the domain is not being 
>>>>> actively used for anything usefull at the moment, so dropping 
>>>>> any/all from emails is acceptable).
>>>>>
>>>>> Thanks,
>>>>> Lyle
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>