cpanel_exim_system_filter block by subject

[z3d3m0n]

Hey Guys,

i am trying to work with cpanel_exim_system_filter. Need to block incoming emails with subject that contains Your accounts was hacked.i have enabled it in Exim Configuration Manager

i have entered the code to the cpanel_exim_system_filter but the emails are still getting in

if ("$h_subject:"contains "Your accounts was hacked")
or  ("$h_subject:"Your accounts was compromised")
then fail
endif

i have checked the manual
How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

is there any extended reference for the variables that i can use like , $h_subject etc

any advices are welcome

thx

 

[rpvw]

For filters using the "contains" evaluation; try using the AND operator instead of the OR operator

 

[cPanelLauren]

Hi @z3d3m0n

I'd go with the recommendation by @rpvw, I'd also always create the filter in cPanel's Global/User filters then copy that syntax. I did something like this for you:

if
 $header_subject: contains "Your accounts was hacked"
 or $header_subject: contains "Your accounts was compromised"
then
 if error_message then save "/dev/null" 660 else fail "No spam here" endif
 finish
endif

Keep in mind the full subject needs to match what's in the quotes for this to work as well including caps and spelling

 

[websnail.net]

Word to the wise here...

If you're "System Filter File" is set to anything other than the default, your custom filters will never been compiled into the filters but the system won't actually tell you...

Ours was set to "/etc/antivirus.empty" for reasons I can't quite remember but it was only when I physically applied the custom filters to that file and then restarted exim that I found the rules were being applied.

Reverting the setting back to the default and lo' all our custom filters started working properly...

Lot of time wasted so thought I'd best share in case anyone else gets here in frustration too.