Im using the following to block TLDs, but not in helo checks, im using sender checks instead:
/\.bid$/ DISCARD /\.top$/ DISCARD /\.xyz$/ DISCARD /\.pro$/ DISCARD /\.date$/ DISCARD /\.faith$/ DISCARD /\.download$/ DISCARD DISCARD blocks the mail without telling the sender the mail was blocked so spammers can't retry until they get the crap through.
smime.p7s
Description: S/MIME Cryptographic Signature
