Block ALL TLD's consisting of 4 or more letters

[FnF Host]

It seems that that big custom TLD sweep turned out to be not much more then a huge breeding ground for spammers. My server is literally getting bombed with spam from tons of these new TLD's. I started by blocking them one at a time in the "server spam blacklist", .link, .science, .party, .webcam, .click...etc etc...but they continue breed like rats and it's a pin to keep up with.
I thought I seen a post here that gave code to add to "server spam blacklist" to block all TLD's with 4 or more letters in their name and I cant find it now.
I know this is a pretty wide sweep and not a good move but with the type of clients I deal with I feel safe I wont be blocking any of their incoming mail. Can anyone help me with what I need to configure Mailscanner to block these 4 and more letter new TLD's?

[FnF Host]

Can anyone at all help me out with this? I feel like I've poisoned the forum and sent everyone scurrying.

[Sarah]

You'd need to construct a regular expression for this, but you would not be able to add this via the MailScanner Front-End as it won't accept regular expressions. Once you have the regular expression (maybe do a google search?) you'd need to experiment with adding it directly to spam.blacklist.rules in such a way that it is not automatically removed by the overnight back-end script which updates the rules files. You can test this by clicking "Change" in WHM > Plugins > ConfigServer MailScanner FE > MailScanner Front-End.

[FnF Host]

I believe I have the expression Sarah. But the Front-End not accepting expressions would answer why it didnt seem to be working.
I'll add it directly and tinker with it. Thanks so much for your reply.

[FnF Host]

sighhhh
I for the life of me cannot figure out how to get it to not be removed by the overnight update, Sarah.
The expression Im using is .*\@.*\.[a-z]{4-20}$ which does work.
I've tried all the following and it still gets removed. What am I doing wrong??
To: *@* and From: .*\@.*\.[a-z]{4-20}$
From: .*\@.*\.[a-z]{4-20}$
To: *@* and From: .*\@.*\.[a-z]{4-20}$ yes
From: .*\@.*\.[a-z]{4-20}$ yes
FromOrT0 .*\@.*\.[a-z]{4-20}$
FromOrT0 .*\@.*\.[a-z]{4-20}$ yes
And I also tried using all the examples above with the expression stripped to match the defaults in spam.blacklist.rules now by trimming it down to *@*\.[a-z]{4-20}$ and it keeps getting erased.
Any ideas?

[FnF Host]

I think I finally nailed it!

[sawbuck]

I think I finally nailed it!

Care to share?

[FnF Host]

I spoke too soon.
I whittled it down to the following to get it to NOT be deleted during update.
From: /\.[a-z]{4-20}$/ yes
So I finally got it to stay put and now it no longer works to block the TLD's. Sighhhhhh

[FnF Host]

I'm going to have to rewrite this and experiment a few more times. I just noticed I've been using {4-20} and it should be {4,20}
Back to the testing

[sawbuck]

Will be interested to see the end result.