Email filter with a body "matches regex" not working

thepossum

Member
Jun 19, 2014
12
1
53
cPanel Access Level
Root Administrator
I'm trying to set up what should be a straightforward email filter. In short, a botnet is emailing a lot of .doc and .zip files and I want to filter them into a special folder instead of the Inbox.

It seems that it should be as simple as:

Body: matches regex
Content-Type: application/msword; name=".*\.doc"
Deliver to Folder: Filtered

The quick testing has this working, when I include a snippet of the email such as:

----950935275712795591635742887640851
Content-Type: application/x-zip-compressed; name="Form - Sep 22, 2020.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Form - Sep 22, 2020.zip"

UEsDBDMAAwBjAEOdNlGUvlTxZjUBACtrAgAXAAsARm9ybSAtIFNlcCAyMiwgMjAyMC5kb2MBmQcA
AgBBRQMIAJO8XGCtZTNpE0wlC3C+pjFzXicmeVAv6HwqZV52JO5qiE7XGXsZPVOkd+d9efG0qMLD
wVKDpkfrWFFfWq3k20G9g4cj0XpyI/G2keY1qTcUM/H4mHR9WdKzJf1sSADrKkUV1UACutpNLgJ3
hERzTTKuru2gnb8Yx3IvTpkdMOwDvYTWA687+2vLsUn525WzZ6CGBC1rl+vbBrYGzxf4GaR6krMG


But when I copied the entire email including the full attachment, that was ignored, and just delivered to my inbox normally. Is there perhaps a size limit on the Email filters?
 
Last edited:

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
this was discussed last week.
Does this help at all?