  1. #1
    Member
    Join Date
    Apr 2005
    Posts
    246

    Question Exim Server-wide Filters: Best way?

    Hi,

    I would like to block certain email addresses from sending email to ANY of the domains on my WHM. Not IP addresses so I cannot add them to an IP deny list or anything.

    The rule I am thinking of is something like this:

    if $sender_address contains "baduser@baddomain.com" then...
    What should my condition look like, and where should it go? This is not in domain-specific cpanel accounts (for which a .filter file is usually enough) but for server-wide banning of sender addresses.

    Thx for any thoughts!

  2. #2
    Member
    Join Date
    Feb 2005
    Location
    North Carolina
    Posts
    237

    Default

    Take a look at "Section 4" in this document from the folks at RVSkin where you'll find the solution:

    http://www.rvskin.com/index.php?page=public/antispam

  3. #3
    chirpy, Super Moderator. This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    That's a somewhat convoluted way of doing it, though does work. If it's just for the odd email address you can simply go into WHM > Exim Configuration Editor > Advanced Mode > Scroll down to the first set of 3 textareas and in the middle one (the ACL stuff) put the following after the accept hosts = : line with clear blank lines around it:
    Code:
     drop senders = baduser@baddomain.com
           message = Spam or Mail Bombing activity
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
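
Building on the ACL in post #3, as an added example that is not part of the original thread: the same `drop` rule reading its addresses from a file, with a `discard` alternative that accepts the message and silently throws it away instead of rejecting it. The file path `/etc/exim_blocked_senders` is an assumed name.

```exim
# Added example, not from the thread. /etc/exim_blocked_senders is an
# assumed file name; it holds one address pattern per line, e.g.
#   baduser@baddomain.com
#   *@baddomain.com
#
# "senders" is matched against the envelope sender (SMTP MAIL FROM),
# not the From: header that the system filter rule in this thread tests.

# Option A: reject at SMTP time and close the connection. The sending
# server sees the rejection and normally reports it to its user.
drop
  senders     = /etc/exim_blocked_senders
  message     = Spam or Mail Bombing activity
  log_message = blocked envelope sender

# Option B (use instead of A, not together): accept the recipient and
# silently discard it, so the sender gets no rejection. log_message is
# added to the log line Exim writes for the discard.
#discard
#  senders     = /etc/exim_blocked_senders
#  log_message = blocked envelope sender (discarded)
```

The ACL can be exercised without delivering any mail by using Exim's `-bh <IP address>` fake SMTP session mode.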

  4. #4
    Member
    Join Date
    Apr 2005
    Posts
    246

    Question

    Thanks Chirpy!

    For now I have set up this rule in the /etc/antivirus.exim file:
    if $header_from: contains "baduser@baddomain.com"
    then seen finish
    endif
    Is this less advisable than having an ACL? Yes, I only have 1 or 2 email addresses so I don't mind the drop command you suggested, but I don't want the sender to know that their messages are being dropped, so I don't want them to receive any bounce message. Would "drop" do this?

    Also, I have a bit of your suggested code in my ACL already. But I have a question. I keep getting bounce messages from people to "adam@MYDOMAIN.COM" or "eve@MYDOMAIN.COM" etc, as if adam and eve had sent them an email from MYDOMAIN.COM (my domain) but they are bouncing. But adam and eve obviously do not exist on my server, so they could not have sent the message in the first place! How can I block such messages from my server? What would the ACL code be?

    Thanks!

  5. #5
    chirpy, Super Moderator
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    Hi,

    Putting it in that file, the system_filter, is fine.

    The second part is most likely bounces from spam or viruses sent out from an infected PC with forged headers and nothing to do with you. There's little you can do other than using Filters, except of course making sure that you have your Default Address set to :fail: and only create accounts/aliases that you actually use.
    Jonathan Michaelson


  6. #6
    Member
    Join Date
    Apr 2005
    Posts
    246

    Thumbs up

    Thanks Chirpy, that's great. For second question, do you know if I can create any filter that says: "If TO header contains an address that I have not specifically created on my domain, then bounce the email"?

  7. #7
    chirpy, Super Moderator
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    That's exactly what setting the Default Address to :fail: does.
    Jonathan Michaelson

