The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best way to Filter/Forward all email sent to a single address

Discussion in 'E-mail Discussions' started by SE_JC, Jan 19, 2016.

  1. SE_JC

    SE_JC Registered

    Joined:
    Jan 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    Hello everyone! Required version information is as follows (even though this is less of a technical question than most):

    /etc/redhat-release:CentOS release 5.11 (Final)
    /usr/local/cpanel/version:11.52.2.4
    /var/cpanel/envtype:xen hvm
    CPANEL=release
    Server version: Apache/2.0.63
    Server built: Jul 28 2010 14:00:07
    Cpanel::Easy::Apache v3.2.0 rev5158
    PHP 5.3.3 (cli) (built: Jul 28 2010 14:28:13)
    Copyright (c) 1997-2010 The PHP Group
    Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    mysql Ver 14.12 Distrib 5.0.96, for unknown-linux-gnu (x86_64) using readline 5.1
    (Old, I know, but I am limited in what I can do.)

    We have multiple departments, all running on their own domains on this server. Sometimes, people will be moved from one department to another (or just leave entirely), and as a result, I have to send all their incoming mail to a new mailbox. Prior to my tenure, we would use forwarding (user1@domain.com forwarding to user2@domain.com), but the old user's mailbox would still be within the new user's desktop client (so User2 would have User2@domain.com and User1@domain.com come into their client- Thunderbird in this case.) This meant we got a duplicate of everything, taking up extra space and hassling the new caretaker of the account. I opted to utilize filters (To Field contains user1@domain.com, redirect email to user2@domain.com) so that email wouldn't get dumped into user1@domain.com's Inbox.

    My issue is that there have been some accounts that have the filter being bypassed by SPAM and Junk Mail (one account has both a filter and a forward in place, and it still gets SPAM in the account via forwards from a gmail account!). So, what is the best policy to ensure nothing hits the Inbox and it all goes to the new account? And what would be recommended for when I eventually remove the account of the server to make space? (Delete the user1@domain.com account, but still keep mail going to user2@domain.com)

    Thank you.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,852
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I suggest looking into alternatives for SPAM prevention, or to determine why a message is making it past SpamAssassin. For instance, you can search /var/log/exim_mainlog for a specific SPAM message via:

    Code:
    exigrep user@spam-sender /var/log/exim_mainlog
    Does it bypass SpamAssassin completely, or is it marked below the threshold? As far as deleting the original account, you could simply delete the email account and configure a traditional forwarder.

    Thank you.
     
  3. SE_JC

    SE_JC Registered

    Joined:
    Jan 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    I should clarify my question. For the moment, SpamAssassin is set to merely mark things as ***SPAM*** and not touch them otherwise. This has to do with office politics, so I'm not worried about that. Fighting junk mail and management's policies is another battle.

    What I meant was, there is email still getting dropped into the user1@domain.com email Inbox, despite there being both a forward and a filter to funnel all mail into user2@domain.com (And some accounts had just a - To: Contains "user@domain.com" - filter). And all the email that somehow worked its way into the Inbox of user1@domain.com happened to entirely be junk mail. (Everything of importance and normal correspondence was redirected to the new mailbox, and running the filter/forward tests via GUI all come back with the proper settings.)

    My issue is moreso "Why is email (that just happens to be junk) still hitting the Inbox when I have a filter that states all mail sent to that account should get funneled into another?" than "Why do I keep getting junk mail?"
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,852
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Do you notice any difference in the log output in /var/log/exim_mainlog for a message that was properly forwarded compared to a message that was delivered directly to the inbox (avoiding the filter rules)?

    Thank you.
     
  5. SE_JC

    SE_JC Registered

    Joined:
    Jan 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    I shall look into that today and let you know.
     
  6. SE_JC

    SE_JC Registered

    Joined:
    Jan 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New York
    cPanel Access Level:
    Root Administrator
    Code:
    2016-01-21 09:13:33 [17629] 1aMFzQ-0004aL-05 <= GMAILUSER+caf_=user1=domain.com@gmail.com H=mail-lb0-f169.google.com [209.85.217.169]:34750 I=[]:25 P=esmtps X=TLSv1:AES128-SHA:128 CV=no S=13522 M8S=0 id=20160121141251.167B513E0044@elabs3.com T="NEW Suede-Ish Coasters from Americanna. EQP Introductory Special!" from <GMAILUSER+caf_=user1=domain.com@gmail.com> for user1@domain.com
    2016-01-21 09:13:33 [17681] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aMFzQ-0004aL-05
    2016-01-21 09:13:33 [17681] 1aMFzQ-0004aL-05 => user1 <cuser1@domain.com> F=<GMAILUSER+caf_=user1=domain.com@gmail.com> P=<GMAILUSER+caf_=user1=domain.com@gmail.com> R=virtual_user T=virtual_userdelivery S=13677 QT=1s DT=0s
    2016-01-21 09:13:33 [17681] 1aMFzQ-0004aL-05 => user2 (user1@domain.com) <(user1@domain.com> F=<GMAILUSER+caf_=user1=domain.com@gmail.com> P=<GMAILUSER+caf_=user1=domain.com@gmail.com> R=virtual_user T=virtual_userdelivery S=13677 QT=1s DT=0s
    
    
    
    2016-01-21 09:59:56 [23545] 1aMGiI-00067l-EA <= orbitz.4885@envfrm.rsys2.com H=omp.my.orbitz.com [12.130.136.172]:44675 I=[]:25 P=esmtp S=69509 M8S=8 id=0.1.36.5BB.1D1545BDE724BC2.0@omp.my.orbitz.com T="Flights this weekend are lookin' good! Go somewhere" from <orbitz.4885@envfrm.rsys2.com> for user1@domain.com
    2016-01-21 09:59:56 [23621] cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aMGiI-00067l-EA
    2016-01-21 09:59:56 [23621] 1aMGiI-00067l-EA => user2 (user2@domain.com) <user1@domain.com> F=<orbitz.4885@envfrm.rsys2.com> P=<orbitz.4885@envfrm.rsys2.com> R=virtual_user T=virtual_userdelivery S=69636 QT=2s DT=0s
    
    
    To answer your question, yes. The above log snippets (sanitized) show the difference between one bit of mail that got into the Inbox, and one that was successfully filtered.
     
    #6 SE_JC, Jan 21, 2016
    Last edited by a moderator: Jan 21, 2016
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,852
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page