cpanel_exim_system_filter_custom and email que

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
I've started using the cpanel_exim_system_filter_custom to filter emails for the server. I've noticed since doing so the queue seems to always have delivery emails hung for a while. Before implementing the use of the file I rarely would see this.
Here is what I have
Code:
if (
 ("$h_to:, $h_cc:" ends ".date")
or ("$h_from:" ends ".date")
or ("$h_to:, $h_cc:" ends ".men")
or ("$h_from:" ends ".men")
or ("$h_to:, $h_cc:" ends ".us")
or ("$h_from:" ends ".us")
)
then
 logwrite "$tod_log $h_from $h_to (Ends date men)"
seen finish
endif
#For blocking all incoming and outgoing RUSSIAN emails
if (
 ("$h_to:, $h_cc:" contains ".date")
or ("$h_from:" contains ".date")
or ("$h_to:, $h_cc:" contains ".men")
or ("$h_from:" contains ".men")
or ("$h_to:, $h_cc:" contains ".life")
or ("$h_from:" contains ".life")
or ("$h_to:, $h_cc:" contains ".ru")
or ("$h_from:" contains ".ru")
or ("$h_to:, $h_cc:" contains ".stream")
or ("$h_from:" contains ".stream")
or ("$h_to:, $h_cc:" contains "qq.com")
or ("$h_from:" contains "qq.com")
or ("$h_to:, $h_cc:" ends ".us")
or ("$h_from:" ends ".us")
)
then
 logwrite "$tod_log $h_from $h_to (contains ru qq.com strean date)"
seen finish
endif

# send everything with SPAM in subject to null
if
 $header_subject: contains "SPAM"
then
 logwrite "$tod_log $h_from $h_to $header_subject (subject contains SPAM)"
 save "/dev/null" 660
seen finish
endif
Notice I've also now tried to use "ends" instead of "contains" because I want to remove emails that end with something. It seems even though the contains is ".ru" for example it seems to remove emails with ru in them.
I really need to use the cpanel_exim_system_filter_custom since there are several domains that would benefit from this rather than a separate filter for each domain.
What am I doing wrong or is there a better way?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I've noticed since doing so the queue seems to always have delivery emails hung for a while.
Hello,

Could you provide some more information about what's happening to the emails? For instance, does the initial delivery attempt fail? If so, do you notice any specific output for these messages in /var/log/exim_mainlog?

Thank you.
 

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
Michael, I'm not sure if this is what you mean. This example I see still in queue and here is a line from the exim_mainlog
Code:
2017-09-12 13:06:47 1drodz-0007SP-0a <= [email protected]tetranslations.com H=affordableaccuratetranslations.com (mail.affordableaccuratetranslations.com) [23.247.14.116]:52665 P=esmtp S=23764 [email protected]ations.com T="Order printer ink online." for [email protected][\code]

when I hit the deliver button (I'm using Configserv Mail Que manager) it shows me 
[code]
LOG: MAIN
  cwd=/usr/local/cpanel/whostmgr/docroot 4 args: exim -v -M 1drodz-0007SP-0a
delivering 1drodz-0007SP-0a
LOG: MAIN
  => /dev/null <[email protected]> R=central_filter T=**bypassed**
LOG: MAIN
  Completed
and is cleared from the queue

this is what is in the /var/log/filter.log
Code:
2017-09-12 13:06:47 "Printer Ink Options" <[email protected]> <[email protected]> ***SPAM***  Order printer ink online. (subject contains SPAM)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

You may want to consider breaking down those filter rules into smaller individual filters to see if that improves the performance. Here's a quote from our filter documentation:

We strongly recommend that you use multiple, simple filters instead of a single large filter. Exim, the server's mail transfer agent, handles many small rules more efficiently than a single large rule.
Thank you.
 

asmithjr

Well-Known Member
Jun 13, 2003
516
8
168
Do you mean like this?
Code:
if ("$h_to:,$h_from" matches " [email protected]+\.bid")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif
if ("$h_to:,$h_from" matches " [email protected]+\.date")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif
if ("$h_to:,$h_from" matches " [email protected]+\.life")
then
 logwrite "$tod_log $h_from $h_to (matches ends with bid)"
seen finish
endif
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Yes, that's correct.

Thank you.