Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Emails Filter Works Too Good

Discussion in 'E-mail Discussion' started by superiorinterne, Jul 30, 2015.

  1. superiorinterne

    superiorinterne Registered

    Joined:
    Jan 17, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    151
    I have been writing and rewriting a cpanel_exim_system_filter and I have tried just about everything I can find on forums everywhere, but still I am getting a lot of false positives. Below is the section that is causing the problem. The biggest problem are the ones that are just 2 letters (eg. .us and .ai). I have tried both of these filters +@.+\.us and
    .+@.+\.us[^a-zA-Z0-9_]. Both filters are picking up false positives like gus@domain.com, and is also picking up the domain extension which is what I want junk@spam.us. I want it to just catch the extension not within the email address itself. Any help is appreciated.

    Code:
    ##Ensure delivery from these domain extentions##
    logfile /var/log/filter.log
    if first_delivery
    and
    (
    $h_from: contains "state.sc.us"
    or $h_from: contains "sc.gov"
    or $h_from: contains ".gov"
    or $h_from: contains ".k12.sc.us"
    or $h_from: contains ".k12.nc.us"
    or $h_from: contains ".k12.ga.us"
    or $h_from: contains ".k12.nm.us"
    or $h_from: contains ".k12.wi.us"
    or $h_from: contains ".k12.wv.us"
    or $h_from: contains "uscourts.gov"
    or $h_from: contains "charlestoncpw.com"
    or $h_from: contains "earthlink.net"
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject"
    finish
    endif
    
    ##Block delivery from these domain extensions##
    logfile /var/log/filter.log
    if first_delivery
    and (
    ("$h_from:" matches " .+@.+\.space")
    or ("$h_from:" matches " .+@.+\.work")
    or ("$h_from:" matches " .+@.+\.click")
    or ("$h_from:" matches " .+@.+\.link")
    or ("$h_from:" matches " .+@.+\.rocks")
    or ("$h_from:" matches " .+@.+\.science")
    or ("$h_from:" matches " .+@.+\.xyz")
    or ("$h_from:" matches " .+@.+\.party")
    or ("$h_from:" matches " .+@.+\.review")
    or ("$h_from:" matches " .+@.+\.date")
    or ("$h_from:" matches " .+@.+\.webcam")
    or ("$h_from:" matches " .+@.+\.eu")
    or ("$h_from:" matches " .+@.+\.uk")
    or ("$h_from:" matches " .+@.+\.jp")
    or ("$h_from:" matches " .+@.+\.us")
    or ("$h_from:" matches " .+@.+\.ai")
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject"
    seen finish
    endif
    
    
     
    #1 superiorinterne, Jul 30, 2015
    Last edited by a moderator: Aug 3, 2015
  2. superiorinterne

    superiorinterne Registered

    Joined:
    Jan 17, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    151
    I believe that I have finally found the resolve to this problem on my own.

    It seems that something like this ("$h_from:" matches " .+@.+\.us") will scan everything after the @ for "us" including the domain name part of the email address. So it was picking up things like this user@forus.com. I am not that familiar with regular expression, but what I did was I added another .+ and tested it in a regular expression generator for validity.

    I have been testing for about 30 minutes and the new filter only seems to look at the extension now, so the new code is this.

    ("$h_from:" matches " .+@.+.+\.us")

    I hope this will help anyone that is having the same problem I was.
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,435
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    I'm happy to see you were able to resolve the issue. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    510
    Likes Received:
    5
    Trophy Points:
    168
    I am attempting to use this method in my cpanel_exim_system_filter_custom file also.
    I have
    Code:
    logfile /var/log/filter.log
    if first_delivery
    and (
    ("$h_from:" matches " .+@.+.+\.us")
    or ("$h_from:" matches " .+@.+.+\.club")
    or ("$h_from:" matches " .+@.+.+\.work")
    or ("$h_from:" matches " .+@.+.+\.link")
    or ("$h_from:" matches " .+@.+.+\.rocks")
    or ("$h_from:" matches " .+@.+.+\.science")
    or ("$h_from:" matches " .+@.+.+\.xyz")
    or ("$h_from:" matches " .+@.+.+\.party")
    or ("$h_from:" matches " .+@.+.+\.review")
    or ("$h_from:" matches " .+@.+.+\.date")
    or ("$h_from:" matches " .+@.+.+\.webcam")
    or ("$h_from:" matches " .+@.+.+\.eu")
    or ("$h_from:" matches " .+@.+.+\.ai")
    or ("$h_from:" matches " .+@.+.+\.is-great.net")
    or ("$h_from:" matches " .+@.+.+\.download")
    or ("$h_from:" matches " .+@.+.+\.maropost.com")
    or ("$h_from:" matches " .+@.+.+\.spectrum.com")
    or ("$h_from:" matches " .+@.+.+\.top")
    or ("$h_from:" matches " .+@.+.+\.seuiti.info")
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject (it matches)"
    seen finish
    endif
    however I see this entry in my filter.log file and I do not understand why.
    Code:
    2016-01-19 13:47:43 "Facebook" <notification+anmkkwgx@facebookmail.com> Garry Dinnerman <garry@bgatalent.com> Alisha Alder wants to be friends on Facebook (it matches)
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,435
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice