Hi!
Here
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html you can see why you can't blacklist the top-level domain as a whole:
"Whitelist and blacklist addresses are now file-glob-style patterns, so
friend@somewhere.com, *@isp.com, or *.domain.net will all work. Specifically, * and ? are allowed, but all other metacharacters are not. Regular expressions are not used for security reasons."
According to the doc the glob '*' symbol seems to be forbidden after the "@" symbol.
So you'll have to use a custom filter: (read this
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules)
Another option is to catch those *.icu e-mails on SMTP in order to reject them. This way your spam folder will be void! (read this:
https://www.virtualmin.com/node/53157 )
In order to give you a more specific answer I would have to do some trials, so tell me which solution you would like in order to reach your goal.
If you want to do your own trials, you have to run these commands:
sudo mkdir -p /etc/zentyal/stubs/mailfilter
sudo cp /usr/share/zentyal/stubs/mailfilter/local.cf.mas /etc/zentyal/stubs/mailfilter/local.cf.mas
All your settings have to be done in '/etc/zentyal/stubs/mailfilter/local.cf.mas'
#Add this:
# From:addr tests only the sender address; $ ties .icu to the end of the domain
header LOCAL_FROM_TLD From:addr =~ /@[a-z0-9\-\.]+\.(icu)$/i
describe LOCAL_FROM_TLD From address is a TLD listed in line 1
score LOCAL_FROM_TLD 11
Afterwards, run this command in order to restart the mailfilter service:
sudo zs mailfilter restart
Cheers!
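
An added example, not part of the original post: a Python check that compares an unanchored `.icu` match over the whole From header with an end-anchored match on the bare address, which is what SpamAssassin's `From:addr` tests. The sample headers are constructed, and Python's `parseaddr` standing in for SpamAssassin's address extraction is an assumption.

```python
import re
from email.utils import parseaddr

# Unanchored pattern searched over the whole From header value.
WHOLE_HEADER = re.compile(r"@[a-z0-9\-\.]+\.(icu)", re.I)
# Same pattern with an end anchor, meant for the bare address only.
ADDR_ANCHORED = re.compile(r"@[a-z0-9\-\.]+\.(icu)$", re.I)

# Constructed sample From header values (not taken from real mail).
SAMPLES = [
    "Promo <offers@deals.icu>",
    "News <info@MAIL.Shop.ICU>",
    "Alice <alice@mail.icubed.example>",    # domain label merely starts with "icu"
    "Bob <bob@relay.icu.example.org>",      # "icu" is a subdomain, not the TLD
    '"x@promo.icu" <carol@example.com>',    # .icu appears only in the display name
    "Dave <dave@example.com>",
]


def whole_header_hit(from_header):
    """True if the unanchored pattern matches anywhere in the header value."""
    return WHOLE_HEADER.search(from_header) is not None


def addr_anchored_hit(from_header):
    """True only if the sender address itself ends in the .icu TLD."""
    # parseaddr stands in for SpamAssassin's :addr extraction (assumption).
    _name, addr = parseaddr(from_header)
    return ADDR_ANCHORED.search(addr) is not None


def compare(headers):
    """Return (header, unanchored result, anchored result) for each header."""
    return [(h, whole_header_hit(h), addr_anchored_hit(h)) for h in headers]


if __name__ == "__main__":
    for header, loose, strict in compare(SAMPLES):
        flag = "  <-- false positive" if loose and not strict else ""
        print(f"{loose!s:5} {strict!s:5} {header}{flag}")
```

With a score of 11, every false positive in the first column would be filed as spam, so the rule is worth checking against mail from legitimate senders before it goes live.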