Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do email filters work on full RFC2822 address?

Discussion in 'E-mail Discussions' started by Peter Lindstrom, Jan 25, 2018.

Tags:
  1. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    Do the cpanel email filters work on the entire RFC2822 email address? I am trying to filter spam emails which come from addresses of this format:

    Fannie H. <fannie.h@domain.tld>

    The pattern in all the emails is the Fannie H. part, not the actual address. I get 50 spam emails a day from people like:
    Fannie H.
    Peter L.
    Susan R.
    etc...

    I wrote this regex filter: [A-Z][a-z]* [A-Z]\. \<.*\>

    and i tested it with the mail filter. The mail filter suggests that it works; but i continue to get the emails. My guess would be a bug in the filter (as this should work) as well as a bug in the filter tester (since it suggests filter works; but doesn't).
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,437
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, it should be possible to filter the "from" name in that manner. Could you let us know the exact filter rule you created, and an example of an entry in /var/log/exim_mainlog for an email that was not properly filtered? Ensure to replace real domain names and IP addresses with examples when pasting the output.

    Thank you.
     
  3. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    I am not sure what you mean by "the exact filter", is their an export feature to export the rule? As i posted above the rule is a regex rule with this pattern: [A-Z][a-z]* [A-Z]\. \<.*\>

    A screenshot of the cpanel config: [removed - please attach images directly in the response]

    Hmm... looking through the exim log i do not see a record of the 3 emails which match this pattern which i have recently received. Very odd. I tried sending an email from an address that matches the pattern and i get a 550 request fail email returned saying the mailbox is unavailable - which sounds like it is correct. Yet, i have 3 emails since i added the filter which seem to violate the filter.

    I will change the filter from discard to redirect to email to get a better idea if anything is being filtered.
     
  4. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    I changed the name on my gmail account to Peter L. and tested from there and now i see entry in exim log (and email is not filtered):

    2018-01-25 16:01:59 1eeoei-0004MW-M5 H=mail-vk0-f53.google.com [209.85.213.53]:38737 Warning: "SpamAssassin as admin detected message as NOT spam (-2.0)"
    2018-01-25 16:01:59 1eeoei-0004MW-M5 H=mail-vk0-f53.google.com [209.85.213.53]:38737 Warning: Message has been scanned: no virus or other harmful content was found
    2018-01-25 16:01:59 1eeoei-0004MW-M5 <= peter.mygmail@gmail.com H=mail-vk0-f53.google.com [209.85.213.53]:38737 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4250 id=CAOasbLnbWZS9YXQaN6eAfELVwjephPxVM3Uxm90RNFhhtEiUbg@mail.gmail.com T="test 8" for peter@mycompany.ca
    2018-01-25 16:01:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1eeoei-0004MW-M5
    2018-01-25 16:01:59 SMTP connection from mail-vk0-f53.google.com [209.85.213.53]:38737 closed by QUIT
    2018-01-25 16:01:59 1eeoei-0004MW-M5 => peter <peter@mycompany.ca> R=virtual_user T=virtual_userdelivery
    2018-01-25 16:01:59 1eeoei-0004MW-M5 Completed
     
  5. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    I have now added some simple filters such as "From contains" and included part of the actual email address. This also does not work. So perhaps i am missing something else here?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,437
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  7. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    hmm.. but for the last test, redirecting to an address with my email address contained in from, i do see the redirect address listed for this email in the exim log as such:

    2018-01-25 16:29:37 1eep5S-0004pr-RL H=mail-ua0-f182.google.com [209.85.217.182]:36054 Warning: "SpamAssassin as admin detected message as NOT spam (-2.0)"
    2018-01-25 16:29:37 1eep5S-0004pr-RL H=mail-ua0-f182.google.com [209.85.217.182]:36054 Warning: Message has been scanned: no virus or other harmful content was found
    2018-01-25 16:29:37 1eep5S-0004pr-RL <= peter.mygmail@gmail.com H=mail-ua0-f182.google.com [209.85.217.182]:36054 P=esmtps X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no S=4247 id=CAOasbLmerW5C=+QHj6Zg-tLE37ti1LRW_L10CmEijystMTr24A@mail.gmail.com T="test 11" for peter@mycompany.ca
    2018-01-25 16:29:37 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1eep5S-0004pr-RL
    2018-01-25 16:29:37 SMTP connection from mail-ua0-f182.google.com [209.85.217.182]:36054 closed by QUIT
    2018-01-25 16:29:37 1eep5S-0004pr-RL => junk (filter_test@myredirect.ca) <peter@mycompany.ca> R=virtual_user T=virtual_userdelivery
    2018-01-25 16:29:37 1eep5S-0004pr-RL Completed

    but email still shows up at original address and not the redirect one.
     
  8. Peter Lindstrom

    Joined:
    Jan 25, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ottawa, Canada
    cPanel Access Level:
    Reseller Owner
    I have no option in WHM to "Create a support ticket". Perhaps i need to get my hosting company to raise the ticket.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,437
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Yes, if you only have reseller access, please report the issue to your web hosting provider so they can take a closer look. They can then open a support ticket with us if necessary.

    Thank you.
     
Loading...

Share This Page