Email - filters or fowarding ?

peterr

Well-Known Member
Sep 24, 2003
75
0
156
I have the default address set to :fail:

I don't use any accounts, but have all the email fowarded, by a few different foward records in CPanel. Being subscribed to a number of different forums, one of the fowarders was to simply fwd to my personal (ISP) email address.

Problem: - Now I'm getting a significant volume of spam, and it has come from a forum subscription. Somehow, the email address has been compromised, but as this fowarder is used for several forums, I have no idea where the "leak" is.

So, after reading this , I decided to try a filter. For testing purposes, I simply set it up as per the example, sent an email, but it bounced back. :(

The CPanel filter test told me this ........

Filter Trace

Filter Trace Results:

Match expanded arguments:
Subject = [email protected]
Pattern = [email protected]
Condition is true: $header_to: matches [email protected]
Condition is false: $message_headers contains test567
Return-path copied from sender
Sender = [email protected]
Recipient = [email protected]
Testing Exim filter file "/etc/vfilters/example.com"

Deliver message to: [email protected]
Filtering set up at least one significant delivery or other action.
No other deliveries will occur.
The email I sent was to [email protected]

1. The "test filter" in CPanel told me it would be deleivered to my ISP address, but it bounced. Is the filter test accurate ?

2. Does the email address "[email protected]" have to be a real address ? My ISP address ("Deliver message to") is a real address, but "[email protected]" is not. I can use an alias in a fowarder, so I assume an alias can be used in filtering also.

Any clues please ?
 

peterr

Well-Known Member
Sep 24, 2003
75
0
156
This does work. It works with forwarders, real address, both local and remote.

make sure it reads as:


Filter Maintenance


Filter Destination

$header_to: matches "[email protected]" [email protected]
I set it up exactly as you have shown, and a test email to "[email protected]" bounced back ..

550-"The recipient cannot be verified. Please check all
recipients of this
550 message to verify they are valid." (in reply to RCPT TO
command)
1. The email address "[email protected]" is not a real address. The domain "domain.com" is the domain where the Cpanel/filter is setup.

2. The email address "[email protected]" is a real address, at the ISP I use.

So, it sounds like the filter _should_ work okay, and send the email to my ISP email address, but it doesn't work as it should ?

Thanks !!
 

peterr

Well-Known Member
Sep 24, 2003
75
0
156
Does anyone else have filters setup like I require ?

1. Default address set to :fail:

2. Don't use any (email) accounts.

3. Have a few fowarders setup for other purposes.

4. Have a filter setup, defined as:

$header_to: matches "[email protected]" [email protected]

where "domain.com" is your domain, where CPanel is used.
"[email protected]" is a real address.

5. You can send an email to "[email protected]" and it gets delivered to "[email protected]"

Edit: 6. "[email protected]" is not a real address

Thanks !!
 
Last edited:

ujr

Well-Known Member
Mar 19, 2004
290
0
166
I can assure you that this does work okay.

You may want to tail your logs and see what sort of errors if any you are getting. That's probably the best place to look for clues. Post back what you find.
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,739
301
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
This is utter nonsense.

If the default address is set to :fail: and mail comes in to teh server destined for a nonexistant address, the MTA is going to reject the mail regardless of whatever filters you have in place.
 

peterr

Well-Known Member
Sep 24, 2003
75
0
156
yes, this won't work with fail, you also need to set up an accept condition in your exim conf.
Okay thanks. For now, the only method to do this will be by adding fowarders (aliases).

Thanks for your help. :)
 

ujr

Well-Known Member
Mar 19, 2004
290
0
166
>> This is utter nonsense.

yes, this won't work with fail, you also need to set up an accept condition in your exim conf.