# Account Level Filtering Flagging All Email As Junk

#### D. Stall

##### Member
Account level filtering appears to flag all email as 'Junk' after setting up filters to send junk email to Junk folder.

I have set up 'whitelist' filters telling cPanel what to send to my Inbox, but then cPanel often sends a copy to Junk folder as well as to my Inbox.

For instance, the 3 emails from cPanel Forums that I received after setting up an account were all sent to my Junk folder.
I have checked my IP Address filters against long headers of cPanel emails (as well as other email being filtered as Junk that should not be) and none of the email has IP addresses that should be filtered as Junk.

Likewise, Domains filters should not be sending emails to Junk folder, as they are not filtering '.net' or any other main domains, only select country domains such as -
Any header, matches regex, (\W|^)(.ae|.af|.ai|.al|.am|.ao|.ar|.az)(\W|$) I am filtering Body also, but nothing that appears to be contained in cPanel or other emails that are being sent to Junk folder - Body, matches regex, (\W|^)(cialis|.cn)(\W|$)
Other Body filters -
Dear\sClient, .hk, .kz, .lt, .ly, .me, Please\sget\sback\sto\sme, Full\sName, lipitor, prednisolone, .pl, .ru, seroquel, tramadol, .tc, .tr, .ua, wellbutrin, .za

Neither should any Header filters be sending all email to Junk folder -
Any header, matches regex, (\W|^)(AEXP|award|AsianDating)(\W|$) Other Header filters - BENEFICIARY, blitzmarketing, changelog, Citibank, DatingAsian, Emirates, Fax, F.B.I, GrandPalace, Grand-Palace, interested\sin\sthis\soffer, intjlr, islam, linkedin, lottery, misslex, misslightside, mlbabysdoll, penis, Pharmacy, PAYVESUPPORT, pchwinners, Publishers\sClearing\sHouse, Robert\sMueller, sejxual, superposta, standardloans, Urgent, USPS, Western\sUnion Any header, contains - V. .l. .А. .G. .R. .A, Ѷ‪І‪Ἅ‪ɢ‪ṝ‪Ἅ, ∨​ɨ​Ầ​ǧ​ŕ​Ầ, Ṽ Ἲ Ἀ Ḡ Ṙ Ἀ, Ṽ Ἱ ᾴ Ġ ℜ ᾴ Suggestions? See any filters that may be picking up parts of words? #### alphawolf50 ##### Well-Known Member I'm not sure which specific regex syntax is used cPanel, but I assume it's PCRE. If that's the case, then every instance of '.' needs to be 'escaped' with a backslash. If it's not escaped, '.' means "any single character except newline". Your best bet would be to remove all your filters, add one, test, add the next, test, etc... until you've added them all back. If at any time your legitimate emails start getting redirected to junk, remove the last rule. If the problem goes away, you know that last rule was responsible for the issue. That will make it much easier to figure out where to look. #### D. Stall ##### Member I had escaped '.' in the regex, but filters still would not work until I removed regex (\W|^) before and (\W|$) after the group list.
Even then I had to test one at a time, and so many caught email I do not want flagged, that I limited filter to just a few of the more offending domain country endings, as it was too hard to figure out where email was hanging on all the others.
It seemed that especially those like .ly, .tr, and .tc were problematic.

Is there regex that will identify these as domain endings?
When I look at some sample headers, it seems the domain ending is usually followed by a white space ' ', right arrow '>', right or close parentheses ')', or a colon ':'

#### Silver_2000

##### Well-Known Member
Email Filters

I had escaped '.' in the regex, but filters still would not work until I removed regex (\W|^) before and (\W|\$) after the group list.
Even then I had to test one at a time, and so many caught email I do not want flagged, that I limited filter to just a few of the more offending domain country endings, as it was too hard to figure out where email was hanging on all the others.
It seemed that especially those like .ly, .tr, and .tc were problematic.

Is there regex that will identify these as domain endings?
When I look at some sample headers, it seems the domain ending is usually followed by a white space ' ', right arrow '>', right or close parentheses ')', or a colon ':'
would love to have sample filter that will effectively filter by country

.pw and .us domains are spamming like crazy

ive tried a BUNCH of options and cant seem to make it work

i can add "TO: *@* and FROM: *@*.pw yes" tp spam black list rules for server BUT I want to be able to do by each cpanel account

Last edited: