Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel_exim_system_filter_custom and email que

Discussion in 'E-mail Discussions' started by asmithjr, Sep 11, 2017.

Tags:
  1. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    503
    Likes Received:
    4
    Trophy Points:
    168
    I've started using the cpanel_exim_system_filter_custom to filter emails for the server. I've noticed since doing so the queue seems to always have delivery emails hung for a while. Before implementing the use of the file I rarely would see this.
    Here is what I have
    Code:
    if (
     ("$h_to:, $h_cc:" ends ".date")
    or ("$h_from:" ends ".date")
    or ("$h_to:, $h_cc:" ends ".men")
    or ("$h_from:" ends ".men")
    or ("$h_to:, $h_cc:" ends ".us")
    or ("$h_from:" ends ".us")
    )
    then
     logwrite "$tod_log $h_from $h_to (Ends date men)"
    seen finish
    endif
    #For blocking all incoming and outgoing RUSSIAN emails
    if (
     ("$h_to:, $h_cc:" contains ".date")
    or ("$h_from:" contains ".date")
    or ("$h_to:, $h_cc:" contains ".men")
    or ("$h_from:" contains ".men")
    or ("$h_to:, $h_cc:" contains ".life")
    or ("$h_from:" contains ".life")
    or ("$h_to:, $h_cc:" contains ".ru")
    or ("$h_from:" contains ".ru")
    or ("$h_to:, $h_cc:" contains ".stream")
    or ("$h_from:" contains ".stream")
    or ("$h_to:, $h_cc:" contains "qq.com")
    or ("$h_from:" contains "qq.com")
    or ("$h_to:, $h_cc:" ends ".us")
    or ("$h_from:" ends ".us")
    )
    then
     logwrite "$tod_log $h_from $h_to (contains ru qq.com strean date)"
    seen finish
    endif
    
    # send everything with SPAM in subject to null
    if
     $header_subject: contains "SPAM"
    then
     logwrite "$tod_log $h_from $h_to $header_subject (subject contains SPAM)"
     save "/dev/null" 660
    seen finish
    endif
    
    Notice I've also now tried to use "ends" instead of "contains" because I want to remove emails that end with something. It seems even though the contains is ".ru" for example it seems to remove emails with ru in them.
    I really need to use the cpanel_exim_system_filter_custom since there are several domains that would benefit from this rather than a separate filter for each domain.
    What am I doing wrong or is there a better way?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you provide some more information about what's happening to the emails? For instance, does the initial delivery attempt fail? If so, do you notice any specific output for these messages in /var/log/exim_mainlog?

    Thank you.
     
  3. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    503
    Likes Received:
    4
    Trophy Points:
    168
    Michael, I'm not sure if this is what you mean. This example I see still in queue and here is a line from the exim_mainlog
    Code:
    2017-09-12 13:06:47 1drodz-0007SP-0a <= printer_ink_options-joanne=groundfloorvideo.com@affordableaccuratetranslations.com H=affordableaccuratetranslations.com (mail.affordableaccuratetranslations.com) [23.247.14.116]:52665 P=esmtp S=23764 id=0.0.0.12.1D32BE9131444E6.449453@mail.affordableaccuratetranslations.com T="Order printer ink online." for joanne@groundfloorvideo.com[\code]
    
    when I hit the deliver button (I'm using Configserv Mail Que manager) it shows me 
    [code]
    LOG: MAIN
      cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1drodz-0007SP-0a
    delivering 1drodz-0007SP-0a
    LOG: MAIN
      => /dev/null <joanne@groundfloorvideo.com> R=central_filter T=**bypassed**
    LOG: MAIN
      Completed
    and is cleared from the queue

    this is what is in the /var/log/filter.log
    Code:
    2017-09-12 13:06:47 "Printer Ink Options" <printer_ink_options@affordableaccuratetranslations.com> <joanne@groundfloorvideo.com> ***SPAM***  Order printer ink online. (subject contains SPAM)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You may want to consider breaking down those filter rules into smaller individual filters to see if that improves the performance. Here's a quote from our filter documentation:

    Thank you.
     
  5. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    503
    Likes Received:
    4
    Trophy Points:
    168
    Do you mean like this?
    Code:
    if ("$h_to:,$h_from" matches " .+@.+\.bid")
    then
     logwrite "$tod_log $h_from $h_to (matches ends with bid)"
    seen finish
    endif
    if ("$h_to:,$h_from" matches " .+@.+\.date")
    then
     logwrite "$tod_log $h_from $h_to (matches ends with bid)"
    seen finish
    endif
    if ("$h_to:,$h_from" matches " .+@.+\.life")
    then
     logwrite "$tod_log $h_from $h_to (matches ends with bid)"
    seen finish
    endif
    
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, that's correct.

    Thank you.
     
Loading...

Share This Page