Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cpanel_exim_system_filter_custom rules blocking facebook

Discussion in 'E-mail Discussion' started by StoneyCreeker, Jun 17, 2014.

  1. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    I have set up some rules in the cpanel_exim_system_filter_custom file and am having an unexpected result.

    It has been working great for over a week to globally filter the emails across my VPS. I have 31 domains in it and now I only have to set a rule up once to block common spammer "from" and "subject" terms.

    I am only using "from"and "subject" rules and do not have any rules specifying "facebook" but it is blocking them. If I remove the rules from the bottom of the cpanel_exim_system_filter_custom file, the facebook email delivers normally.

    Here is the email header I receive when I remove the rules:
    Code:
    [COLOR="#0000CD"]Return-path: <notification+kr4k54mkqbnr@facebookmail.com>
    Envelope-to: [email]xxxxxx@xxx.com[/email]
    Delivery-date: Tue, 17 Jun 2014 10:11:26 -0400
    Received: from outmail035.prn2.facebook.com ([66.220.144.162]:62645 helo=mx-out.facebook.com)
    	by xmyserverdomain.com with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
    	(Exim 4.82)
    	(envelope-from <notification+kr4k54mkqbnr@facebookmail.com>)
    	id 1Wwu6c-00042y-Kk
    	for [email]xxxxxx@xxxxxx.com[/email]; Tue, 17 Jun 2014 10:11:26 -0400
    Received: from facebook.com (knG4/qU0TesChw2NpLmCsFo0Pa4GVzpcy6am1I7QExB9hBcKmJjWCFbK4qvwNG+6 10.102.107.73)
     by facebook.com with Thrift id 3b7b7ec0f62911e396380002c9e0736a-7bfc430;
     Tue, 17 Jun 2014 07:11:10 -0700
    X-Facebook: from 2401:db00:20:30c7:face:0:4f:0 ([MTI3LjAuMC4x]) 
    	by [url]www.facebook.com[/url] with HTTP (ZuckMail);
    Date: Tue, 17 Jun 2014 07:11:10 -0700
    To: xxxxxx <xxxxxx@xxxxxx.com>
    From: "Facebook" <notification+kr4k54mkqbnr@facebookmail.com>
    Reply-to: noreply <noreply@facebookmail.com>
    Subject: Just one more step to get started on Facebook[/COLOR]
    [B]
    Here is my filter list if someone smarter than me can help please:[/B]
    
     #3BureauMonitoring
    if
     $header_from: contains "3BureauMonitoring"
    then
     seen finish
    endif
    
    #BloodPressureFix
    if
     $header_from: contains "BloodPressureFix"
    then
     seen finish
    endif
    
    
    #Blood Pressure Solution
    if
     $header_from: contains "Blood Pressure Solution"
    then
     seen finish
    endif
    
    #Bosley Hair
    if
     $header_from: contains "Bosley Hair"
    then
     seen finish
    endif
    
    
    #Business
    if
     $header_from: contains "Business"
    then
     seen finish
    endif
    
    #Business Grants from
    if
     $header_from: contains "Business Grants"
    then
     seen finish
    endif
    
    #Business Funding from
    if
     $header_from: contains "Business Funding"
    then
     seen finish
    endif
    
    #Consolidate
    if
     $header_from: contains "Consolidate"
    then
     seen finish
    endif
    
    #Consolidate Debt from
    if
     $header_from: contains "Consolidate Debt"
    then
     seen finish
    endif
    
    #CouponXplorer
    if
     $header_from: contains "CouponXplorer"
    then
     seen finish
    endif
    
    #Credit
    if
     $header_from: contains "Credit"
    then
     seen finish
    endif
    
    #Flex from
    if
     $header_from: contains "Flex"
    then
     seen finish
    endif
    
    #FS360
    if
     $header_from: contains "FS360"
    then
     seen finish
    endif
    
    #FSUSA
    if
     $header_from: contains "FSUSA"
    then
     seen finish
    endif
    
    #FreeScore360
    if
     $header_from: contains "FreeScore360"
    then
     seen finish
    endif
    
    #Grand Palace from
    if
     $header_from: contains "Grand Palace"
    then
     seen finish
    endif
    
    #Groupon
    if
     $header_from: contains "Groupon"
    then
     seen finish
    endif
    
    #Home Security
    if
     $message_headers contains "Home Security"
    then
     seen finish
    endif
    
    #High Speed Internet
    if
     $message_headers contains "High Speed Internet"
    then
     seen finish
    endif
    
    #imnicamail.com
    if
     $message_headers contains "imnicamail.com"
    then
     seen finish
    endif
    
    #Internal Fax from
    if
     $header_from: contains "Internal Fax"
    then
     seen finish
    endif
    
    #Internet Phone
    if
     $header_from: contains "Internet Phone"
    then
     seen finish
    endif
    
    
    #LASIK
    if
     $header_from: contains "LASIK"
    then
     seen finish
    endif
    
    #Lending Tree
    if
     $header_from: contains "Lending Tree"
    then
     seen finish
    endif
    
    #Luxury Home
    if
     $header_from: contains "Luxury Home"
    then
     seen finish
    endif
    
    #Maid Services
    if
     $header_from: contains "Maid Services"
    then
     seen finish
    endif
    
    #Medical Billing and Coding
    if
     $header_from: contains "Medical Billing and Coding"
    then
     seen finish
    endif
    
    #Medicare Plans
    if
     $header_from: contains "Medicare Plans"
    then
     seen finish
    endif
    
    #New Windows
    if
     $header_from: contains "new windows"
    then
     seen finish
    endif
    
    
    #notice to appear
    if
     $header_from: contains "notice to appear"
    then
     seen finish
    endif
    
    #notice of Appearance
    if
     $header_from: contains "Notice of Appearance"
    then
     seen finish
    endif
    
    #garcinia
    if
     $header_from: contains "garcinia"
    then
     seen finish
    endif
    
    #Marine
    if
     $header_from: contains "Marine"
    then
     seen finish
    endif
    
    #NeighborhoodAlert
    if
     $header_from: contains "NeighborhoodAlert"
    then
     seen finish
    endif
    
    #Nutrisystem
    if
     $header_from: contains "Nutrisystem"
    then
     seen finish
    endif
    
    #Nursing
    if
     $header_from: contains "Nursing"
    then
     seen finish
    endif
    
    #Notification
    if
     $header_from: contains "Notification"
    then
     seen finish
    endif
    
    #Notice
    if
     $header_from: contains "Notice"
    then
     seen finish
    endif
    
    #Norwegian Cruise Line
    if
     $header_from: contains "Norwegian Cruise Line"
    then
     seen finish
    endif
    
    #NextGear
    if
     $header_from: contains "NextGear"
    then
     seen finish
    endif
    
    #Oil Change
    if
     $header_from: contains "Oil Change"
    then
     seen finish
    endif
    
    #OmegaK
    if
     $header_from: contains "OmegaK"
    then
     seen finish
    endif
    
    #Online Doctorate
    if
     $header_from: contains "Online Doctorate"
    then
     seen finish
    endif
    
    #pennystocktweeters.com
    if
     $header_from: contains "pennystocktweeters.com"
    then
     seen finish
    endif
    
    #Private Yacht
    if
     $header_from: contains "Private Yacht"
    then
     seen finish
    endif
    
    #Platinum Credit from
    if
     $header_from: contains "Platinum Credit"
    then
     seen finish
    endif
    
    #replacement window
    if
     $header_from: contains "replacement window"
    then
     seen finish
    endif
    
    #Replace Your Windows
    if
     $header_from: contains "Replace Your Windows"
    then
     seen finish
    endif
    
    #replacement windows
    if
     $header_from: contains "replacement windows"
    then
     seen finish
    endif
    
    #Replacement Window
    if
     $header_from: contains "Replacement Window"
    then
     seen finish
    endif
    
    #Restore My Vision Today
    if
     $header_from: contains "Restore My Vision Today"
    then
     seen finish
    endif
    
    #Restore My Vision
    if
     $header_from: contains "Restore My Vision"
    then
     seen finish
    endif
    
    #Restore My Vision
    if
     $header_from: contains "Restore My Vision"
    then
     seen finish
    endif
    
    #Reverse Your Diabetes
    if
     $header_from: contains "Reverse Your Diabetes"
    then
     seen finish
    endif
    
    #RussianBrides
    if
     $header_from: contains "RussianBrides"
    then
     seen finish
    endif
    
    #Shed Building Guide
    if
     $header_from: contains "Shed Building Guide"
    then
     seen finish
    endif
    
    #Satellite Internet from
    if
     $header_from: contains "Satellite Internet"
    then
     seen finish
    endif
    
    #simply ink
    if
     $header_from: contains "simply ink"
    then
     seen finish
    endif
    
    #Slim Spray
    if
     $header_from: contains "Slim Spray"
    then
     seen finish
    endif
    
    #Spy Camera from
    if
     $header_from: contains "Spy Camera"
    then
     seen finish
    endif
    
    #Small Business Loan from
    if
     $header_from: contains "Small Business Loan"
    then
     seen finish
    endif
    
    #SmallCap network
    if
     $header_from: contains "SmallCap Network "
    then
     seen finish
    endif
    
    #South Beach Diet
    if
     $header_from: contains "South Beach Diet"
    then
     seen finish
    endif
    
    #sweetjack
    if
     $header_from: contains "sweetjack"
    then
     seen finish
    endif
    
    #The South Beach Diet
    if
     $header_from: contains "The South Beach Diet"
    then
     seen finish
    endif
    
    #The Timeshare professionals
    if
     $header_from: contains "The Timeshare professionals"
    then
     seen finish
    endif
    
    #TedsWoodWorking
    if
     $header_from: contains "TedsWoodWorking"
    then
     seen finish
    endif
    
    #Testoril
    if
     $header_from: contains "Testoril"
    then
     seen finish
    endif
    
    #Travelocity
    if
     $header_from: contains "Travelocity"
    then
     seen finish
    endif
    
    #Viagra Subject
    if
     $header_subject: contains "Viagra"
    then
      seen finish
    endif
    
    #viagraonline
    if
     $header_subject: contains "viagraonline"
    then
      seen finish
    endif
    
    #viagra from
    if
     $header_from: contains "viagra"
    then
         seen finish
    endif
    
    #Viagra From
    if
     $header_from: contains "Viagra"
    then
     seen finish
    endif
    
    #Voice Mail
    if
     $header_from: contains "Voice Mail"
    then
     seen finish
    endif
    
    #vydox
    if
     $header_from: contains "vydox"
    then
     seen finish
    endif
    
    #Walk-inTub
    if
     $header_from: contains "Walk-inTub"
    then
     seen finish
    endif
    
    #WebMD
    if
     $header_from: contains "WebMD"
    then
     seen finish
    endif
    
    #Wireless Internet from
    if
     $header_from: contains "Wireless Internet"
    then
     seen finish
    endif
    
    #Xerox WorkCentre from
    if
     $header_from: contains "Xerox WorkCentre"
    then
     seen finish
    endif
    
    #ZeroClosing
    if
     $header_from: contains "ZeroClosing"
    then
     seen finish
    endif
     
    #1 StoneyCreeker, Jun 17, 2014
    Last edited by a moderator: Jun 17, 2014
  2. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    To answer my own question, which I should have seen prior to posting, it was the rule:

    #Notification
    if
    $header_from: contains "Notification"
    then
    seen finish
    endif


    I noticed, (no pun intended), that the header from the email had this word in it here:

    (envelope-from <notification+kr4k54mkqbnr@facebookmail.com>)

    When I removed this rule the email delivered normally.

    I hope this helps someone else.

    Also the above spam filter rule list seems to work good at this time.

    If anyone has a suggestion that would make it work better please post it.

    Is there a way to add a line to send them to an email account on my server prior to the "seen endif" line?

    Thanks!!!!

    Still learning after all these years.
     
  3. StoneyCreeker

    StoneyCreeker Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Upper-East TN
    cPanel Access Level:
    Root Administrator
    Me again!

    I created an email account named "globalspam" and then modified each rule to send a copy of each email deleted by this "cpanel_exim_system_filter_custom" file rule to it then deleted it before it reached the intended recipient so I can monitor what each rule is really doing. :)

    I modified each rule as so:

    #Rule Name
    if
    $header_from: contains "Rule Value"
    then
    deliver "$home/mail/myserverdomain.com/globalspam/" 660
    seen finish
    endif



    It seems to be working now. And I know what is being blocked by it. I expect it will fill up quickly.

    Cheers!

    EDIT:

    Code:
    I found that instead of using
    
    deliver "$home/mail/myserverdomain.com/globalspam/" 660"
    
    that
    
    deliver "Global Spam <globalspam@mydomain.com>"
    
    worked much better
    
     
    #3 StoneyCreeker, Jun 17, 2014
    Last edited: Jun 18, 2014
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    I am happy to see you were able to find a solution. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice