I think you have to use a regex expression like in the webproxy exceptions (not sure about that) or use country blocking for inbound connections from some countries.
Country blocking doesn't work because .ru spam servers are littered all over the world to avoid this very tactic. With big cheap email providers like Microsoft Online, one set of servers can be hosting hundreds of thousands of domains. IP Geolocation doesn't really help.
I've collected information on blocked domains over a month and added them specifically to the spam blacklist. That doesn't seem to be helping at all. The number of domains which send only one or two emails seems to be growing. Spammers are a sophisticated brood.
Your expression looks correct to me, but what you are saying is the mail isn't coming from .ru or not in the header information. So the header has a different address which you need to examine in more detail.
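As an added illustration (not part of the original thread and not any product's own code), the following Python sketch shows why a TLD expression can miss a message: the envelope sender (`Return-Path`), `From` and `Reply-To` can each carry a different domain. The sample message, the header list and the `\.ru$` pattern are constructed assumptions; which header a given mail filter actually tests depends on the product.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the envelope sender and Reply-To use a .ru domain,
# while the visible From header uses a .com domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.ru>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org; Mon, 01 Jan 2024 10:00:00 +0000
From: "Sales" <offers@shop.example.com>
Reply-To: contact@reply.example.ru
To: user@example.org
Subject: constructed test message

body
"""

# Assumed pattern: match domains ending in .ru (anchored to the end of the domain).
TLD_RE = re.compile(r"\.ru$", re.IGNORECASE)
# Headers that can carry a sender identity; a filter may test only one of them.
ADDRESS_HEADERS = ("Return-Path", "From", "Sender", "Reply-To")


def sender_domains(raw):
    """Return {header name: [lower-cased domains]} for each sender header present."""
    msg = message_from_string(raw)
    found = {}
    for name in ADDRESS_HEADERS:
        domains = []
        for _, addr in getaddresses(msg.get_all(name, [])):
            if "@" in addr:
                domains.append(addr.rsplit("@", 1)[1].lower().rstrip("."))
        if domains:
            found[name] = domains
    return found


def headers_matching(raw, pattern=TLD_RE):
    """Return the sorted names of sender headers whose domain matches the pattern."""
    return sorted(name for name, doms in sender_domains(raw).items()
                  if any(pattern.search(d) for d in doms))


if __name__ == "__main__":
    for name, doms in sender_domains(SAMPLE).items():
        print(f"{name}: {doms}")
    print("headers matching pattern:", headers_matching(SAMPLE))
```

Running it over a blocked or missed message saved as raw text shows which header, if any, the expression would have matched.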