Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-23091] Regex filtering rule over 1024 characters issue

Discussion in 'E-mail Discussion' started by delboy007, Sep 11, 2018.

  1. delboy007

    delboy007 Member

    Joined:
    Jul 30, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    There is a very serious bug in the regex filtering. In the past if I created a rule over 1024 characters long when I tried to create the rule I got an error message. No problem I used to reduce the characters and create another rule and could do that as many times as I wanted.

    I haven't used that filtering for a year or two but now I came back to it andwas happy to see there was no error message so assume there was no longer a character limitation. A day later I was surprised to see that I hadn't received a single email, not even spam. I deleted the rule and then started to receive emails.

    In short... if you enter more than 1024 characters a rule all emails sent to you and any email address will be discarded. This could be disastrous for many people and I have no idea what important emails I might have received during the time the rule was active.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @delboy007

    Can you provide an example of the rule/s you're creating?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. delboy007

    delboy007 Member

    Joined:
    Jul 30, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    My host provider ran tests and agreed there was a bug. Here is the relevant part of the log

    == junk@xxxxxxxxxxxx R=virtual_user_filter defer (-17): error in filter file: string is too long in line 13 of filter file (max = 1024 chars)

    - Removed -
     
    #3 delboy007, Sep 14, 2018 at 11:35 AM
    Last edited by a moderator: Sep 14, 2018 at 6:18 PM
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @delboy007


    I created a similar filter used 1136 characters, set it to forward to a specific email and tested it - not only did it work as expected it didn't impact any other accounts nor did I receive a similar error in the exim logs. This leads me to wonder if the issue isn't in the regex you're using or some specific customization you or your provider have employed.

    Code:
     exigrep 1g0sWy-0009PP-26 /var/log/exim_mainlog
    2018-09-14 13:09:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1g0sWy-0009PP-26
    
    2018-09-14 13:09:24 1g0sWy-0009PP-26 H=mail-lf1-f43.google.com [209.85.167.43]:46609 Warning: "SpamAssassin as myuser detected message as NOT spam (4.3)"
    2018-09-14 13:09:25 1g0sWy-0009PP-26 H=mail-lf1-f43.google.com [209.85.167.43]:46609 Warning: Message has been scanned: no virus or other harmful content was found
    2018-09-14 13:09:25 1g0sWy-0009PP-26 <= mygmail@gmail.com H=mail-lf1-f43.google.com [IPREMOVED]:46609 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4192 id=CAF7rb1L28DcHaGvcoY_kt3PvJhH+hRV2azx2iH85pE8AireKvw@mail.gmail.com T="Hi there" for test@mydomain.tech
    2018-09-14 13:09:25 1g0sWy-0009PP-26 => myuser <test@mydomain.tech> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <lauren@mydomain.tech> IHslA1X5m1t5jQAAgi2POw Saved"
    2018-09-14 13:09:25 1g0sWy-0009PP-26 Completed
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. delboy007

    delboy007 Member

    Joined:
    Jul 30, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    This is way beyond my area of expertise but I can't see anything in this log to say it has been through the global filter rules, only the spam assasin filter. Certainly having done any customisations as I wouldn't know how to start and I doubt whether my host providers "inmotion" would have done so either.

    Just as a matter of interest can you please try again but disabling spam assasin
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @delboy007

    It doesn't indicate that it's been even filtered because it didn't get flagged by the rule. That was actually the point - you indicated that enabling the rule caused it to fail all mail - I've done the same and can show it's not doing that. If it hits on a rule you'll get a notification in the exim log which is why I believe the issue is in your regex.
    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. delboy007

    delboy007 Member

    Joined:
    Jul 30, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I have contacted my host provider who say they have not made any customizations. Can you please test again with my regex below. As you can see the format complies with regex syntax. If there is a problem with my regex why does that it only ever fail when it contains more that 1024 characters ? If I split the regex below in half then both of them will work so I don't see how the format can be wrong.
    Code:
    subject = matches regex
    redirect to email
    discard
    stop processing rules
    
    20/20|A free sample|Amazon Offer|Amazon Review Invitation|Amazon Reward|and still going|Asian Dating|Asian Women|Auto Insurance|Baldness|belly bulge|Best Wine|Blood Sugar|brain power|Burial Insurance|cannabis|car insurance|car insurance.|Car Repair|Cash Loans|Citrix|Claim your reward|credi report|Credit Card Debt|dark web|Dead Batteries|diabetes|dress sizes|drink will make you|Ductwork|Earn Money|e-Commerce|energy efficient|equifax,|Erectile|Explicit:|fan repairs|Fight Cancer|Flash Sale|Flash Sale:|flexible loan|flight simulator|For men over|Get Hard|Get rid of|Gift Card|got stiff|Hair gel|hair growth|Hair Loss|has been searching|Health Insurance?|Healthcare|HOME INVASIONS|Home Warranty|homeowners?|How I Lost|Injury Claim|interest debt|Keto|keto diet|Ketosis?|Labor Day|learn to fly|Legal in All|life coverage|life insurance|Life Insurance|Load Documents|load offer|Loan Documents|Loans|Lose Weight|Manhood|Marijuana|Mark Cuban|match.com|Meet Singles|Miracle Cure|MK Handbags|National Debt|need replacement|Pain Killer|Pain Relief|Perfect Match|Pharma|Plumbing repairs|Printer Ink|Prostate|Quara|regrow|Renewal by Anderson|repair bills|Request A Loan|Risk Free|Russian Beauty|Russian Women|Sam's Club|Save Money|search engine results|SEO Report|Shark Tank|shocking ways|skinny|Smart Aircool!|Start Earning|Sunglasses|Tesla Said:|testosterone|Timeshare|tinnitus|Tinnitus|Toe and Nail|Trumpcare|Try new product|Vision|Wall Street|Weight Loss|Woodworking|Woolworths|WSJ|Your Family
    
     
    #7 delboy007, Sep 19, 2018 at 2:11 AM
    Last edited by a moderator: Sep 19, 2018 at 4:11 AM
  8. delboy007

    delboy007 Member

    Joined:
    Jul 30, 2014
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I can confirm that emails are not delivered for as long as the above regex is enabled. If I delete the filter then the emails start to come through around half and hour later.
     
  9. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @delboy007

    Perfect, thanks for providing that. I'll do some testing with your rule and I'll let you know what the outcome is.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I tried this as a user level filter initially and received no errors on it. I then added your filter rule as a global level filter and immediately started receiving errors:


    Code:
    R=central_filter defer (-17): error in filter file: string is too long in line 13 of filter file (max = 1024 chars)
    
    I think my initial issue was that I had been adding it as a user level filter rather than a global filter as well. I'm opening an internal case for this as I agree you should be warned that the limitation exists rather than the behavior that is occurring now. I'll update you with the case ID as soon as it's ready.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,680
    Likes Received:
    183
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @delboy007

    I've created CPANEL-23091 for this issue. I'll update here with progress as it becomes available.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice