AndyD_OHD

Member
Oct 18, 2007
8
0
51
Hi,
I am new to this world of WHM and would like to increase my knowledge of such aspects. I have a client on my hosting account who seems to be getting hundreds of emails from a number of different domains but all share the fact that they have oriental characters in the subject line and email content. The companies apparently sending the emails have a number of different TLDs ranging from .net to .com. I wondered if there was a way using spamassassin, or other means, to block the senders of the emails. I would be reluctant to block yahoo emails as some of my client's clients may use yahoo email addresses. I really would appreciate any advice on setting up some system of blocking please.

Thanks
Andy
 

kernow

Well-Known Member
Jul 23, 2004
970
35
178
cPanel Access Level
Root Administrator
If blocking the IPs is not practical, you could try the account level filtering in cpanel>>>mail. Set up a new filter and copy/paste the oriental characters into the "contains" box. This may or may not work as I have never tried it and am unsure whether the chinese characters could be read.
 

AndyD_OHD

Member
Oct 18, 2007
8
0
51
The company administering my WHM said that blocking ip address is not a good idea and offered to block emails based upon charset. So I have gone along with that at the moment and will wait to see what happens. But thanks for your reply.
 

Bogie

Registered
May 6, 2014
1
0
1
cPanel Access Level
Website Owner
I ran across this piece of regex that seems to work - (so far): \P{Cn}

Since I'm not very good at regex, I have the offending emails redirected to another account until I feel confident that it solves this problem without creating another.
 

shenzy

Well-Known Member
Apr 27, 2008
73
3
58
Chile
cPanel Access Level
Root Administrator
For similar case I use personalizated filters on etc/cpanel_exim_system_filter
Example: I need filter all emails that contains the phrase: "viagra pills" or in any header contains the domain "viagra-china.cn" or "china-viagra.cn"
The filter is:
### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END
If you want to keep track of messages filtered:


### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
# Personal filter Log file (optional)
logfile /var/log/personal_filter.log 0644

if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then
# Write to log (optional)
logwrite "$tod_log $message_id <$sender_host_address> <$sender_host_name> from < $sender_address > to < $header_to > subject < $header_subject > was filtered by the custom filter \n"

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END
 
Last edited: