cpanel_exim_system_filter_custom and email que

[asmithjr]

I've started using the cpanel_exim_system_filter_custom to filter emails for the server. I've noticed since doing so the queue seems to always have delivery emails hung for a while. Before implementing the use of the file I rarely would see this.
Here is what I have

if (
 ("$h_to:, $h_cc:" ends ".date")
or ("$h_from:" ends ".date")
or ("$h_to:, $h_cc:" ends ".men")
or ("$h_from:" ends ".men")
or ("$h_to:, $h_cc:" ends ".us")
or ("$h_from:" ends ".us")
)
then
 logwrite "$tod_log $h_from $h_to (Ends date men)"
seen finish
endif
#For blocking all incoming and outgoing RUSSIAN emails
if (
 ("$h_to:, $h_cc:" contains ".date")
or ("$h_from:" contains ".date")
or ("$h_to:, $h_cc:" contains ".men")
or ("$h_from:" contains ".men")
or ("$h_to:, $h_cc:" contains ".life")
or ("$h_from:" contains ".life")
or ("$h_to:, $h_cc:" contains ".ru")
or ("$h_from:" contains ".ru")
or ("$h_to:, $h_cc:" contains ".stream")
or ("$h_from:" contains ".stream")
or ("$h_to:, $h_cc:" contains "qq.com")
or ("$h_from:" contains "qq.com")
or ("$h_to:, $h_cc:" ends ".us")
or ("$h_from:" ends ".us")
)
then
 logwrite "$tod_log $h_from $h_to (contains ru qq.com strean date)"
seen finish
endif

# send everything with SPAM in subject to null
if
 $header_subject: contains "SPAM"
then
 logwrite "$tod_log $h_from $h_to $header_subject (subject contains SPAM)"
 save "/dev/null" 660
seen finish
endif

Notice I've also now tried to use "ends" instead of "contains" because I want to remove emails that end with something. It seems even though the contains is ".ru" for example it seems to remove emails with ru in them.
I really need to use the cpanel_exim_system_filter_custom since there are several domains that would benefit from this rather than a separate filter for each domain.
What am I doing wrong or is there a better way?

 

[cPanelMichael]

I've noticed since doing so the queue seems to always have delivery emails hung for a while.

Hello,

Could you provide some more information about what's happening to the emails? For instance, does the initial delivery attempt fail? If so, do you notice any specific output for these messages in /var/log/exim_mainlog?

Thank you.

 

[asmithjr]

Michael, I'm not sure if this is what you mean. This example I see still in queue and here is a line from the exim_mainlog

2017-09-12 13:06:47 1drodz-0007SP-0a <= [email protected]tetranslations.com H=affordableaccuratetranslations.com (mail.affordableaccuratetranslations.com) [23.247.14.116]:52665 P=esmtp S=23764 [email protected]ations.com T="Order printer ink online." for [email protected][\code]

when I hit the deliver button (I'm using Configserv Mail Que manager) it shows me 
[code]
LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1drodz-0007SP-0a
delivering 1drodz-0007SP-0a
LOG: MAIN
  => /dev/null <[email protected]> R=central_filter T=**bypassed**
LOG: MAIN
  Completed

and is cleared from the queue

this is what is in the /var/log/filter.log

2017-09-12 13:06:47 "Printer Ink Options" <[email protected]> <[email protected]> ***SPAM***  Order printer ink online. (subject contains SPAM)

 

[cPanelMichael]

Hello,

You may want to consider breaking down those filter rules into smaller individual filters to see if that improves the performance. Here's a quote from our filter documentation:

We strongly recommend that you use multiple, simple filters instead of a single large filter. Exim, the server's mail transfer agent, handles many small rules more efficiently than a single large rule.

Thank you.

 

[asmithjr]

Do you mean like this?

if ("$h_to:,$h_from" matches " [email protected]+\.bid")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif
if ("$h_to:,$h_from" matches " [email protected]+\.date")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif
if ("$h_to:,$h_from" matches " [email protected]+\.life")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif

 

[cPanelMichael]

Hello,

Yes, that's correct.

Thank you.