The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Emails Filter Works Too Good

Discussion in 'E-mail Discussions' started by superiorinterne, Jul 30, 2015.

  1. superiorinterne

    superiorinterne Registered

    Joined:
    Jan 17, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I have been writing and rewriting a cpanel_exim_system_filter and I have tried just about everything I can find on forums everywhere, but still I am getting a lot of false positives. Below is the section that is causing the problem. The biggest problem are the ones that are just 2 letters (eg. .us and .ai). I have tried both of these filters +@.+\.us and
    .+@.+\.us[^a-zA-Z0-9_]. Both filters are picking up false positives like gus@domain.com, and is also picking up the domain extension which is what I want junk@spam.us. I want it to just catch the extension not within the email address itself. Any help is appreciated.

    Code:
    ##Ensure delivery from these domain extentions##
    logfile /var/log/filter.log
    if first_delivery
    and
    (
    $h_from: contains "state.sc.us"
    or $h_from: contains "sc.gov"
    or $h_from: contains ".gov"
    or $h_from: contains ".k12.sc.us"
    or $h_from: contains ".k12.nc.us"
    or $h_from: contains ".k12.ga.us"
    or $h_from: contains ".k12.nm.us"
    or $h_from: contains ".k12.wi.us"
    or $h_from: contains ".k12.wv.us"
    or $h_from: contains "uscourts.gov"
    or $h_from: contains "charlestoncpw.com"
    or $h_from: contains "earthlink.net"
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject"
    finish
    endif
    
    ##Block delivery from these domain extensions##
    logfile /var/log/filter.log
    if first_delivery
    and (
    ("$h_from:" matches " .+@.+\.space")
    or ("$h_from:" matches " .+@.+\.work")
    or ("$h_from:" matches " .+@.+\.click")
    or ("$h_from:" matches " .+@.+\.link")
    or ("$h_from:" matches " .+@.+\.rocks")
    or ("$h_from:" matches " .+@.+\.science")
    or ("$h_from:" matches " .+@.+\.xyz")
    or ("$h_from:" matches " .+@.+\.party")
    or ("$h_from:" matches " .+@.+\.review")
    or ("$h_from:" matches " .+@.+\.date")
    or ("$h_from:" matches " .+@.+\.webcam")
    or ("$h_from:" matches " .+@.+\.eu")
    or ("$h_from:" matches " .+@.+\.uk")
    or ("$h_from:" matches " .+@.+\.jp")
    or ("$h_from:" matches " .+@.+\.us")
    or ("$h_from:" matches " .+@.+\.ai")
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject"
    seen finish
    endif
    
    
     
    #1 superiorinterne, Jul 30, 2015
    Last edited by a moderator: Aug 3, 2015
  2. superiorinterne

    superiorinterne Registered

    Joined:
    Jan 17, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I believe that I have finally found the resolve to this problem on my own.

    It seems that something like this ("$h_from:" matches " .+@.+\.us") will scan everything after the @ for "us" including the domain name part of the email address. So it was picking up things like this user@forus.com. I am not that familiar with regular expression, but what I did was I added another .+ and tested it in a regular expression generator for validity.

    I have been testing for about 30 minutes and the new filter only seems to look at the extension now, so the new code is this.

    ("$h_from:" matches " .+@.+.+\.us")

    I hope this will help anyone that is having the same problem I was.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    I am attempting to use this method in my cpanel_exim_system_filter_custom file also.
    I have
    Code:
    logfile /var/log/filter.log
    if first_delivery
    and (
    ("$h_from:" matches " .+@.+.+\.us")
    or ("$h_from:" matches " .+@.+.+\.club")
    or ("$h_from:" matches " .+@.+.+\.work")
    or ("$h_from:" matches " .+@.+.+\.link")
    or ("$h_from:" matches " .+@.+.+\.rocks")
    or ("$h_from:" matches " .+@.+.+\.science")
    or ("$h_from:" matches " .+@.+.+\.xyz")
    or ("$h_from:" matches " .+@.+.+\.party")
    or ("$h_from:" matches " .+@.+.+\.review")
    or ("$h_from:" matches " .+@.+.+\.date")
    or ("$h_from:" matches " .+@.+.+\.webcam")
    or ("$h_from:" matches " .+@.+.+\.eu")
    or ("$h_from:" matches " .+@.+.+\.ai")
    or ("$h_from:" matches " .+@.+.+\.is-great.net")
    or ("$h_from:" matches " .+@.+.+\.download")
    or ("$h_from:" matches " .+@.+.+\.maropost.com")
    or ("$h_from:" matches " .+@.+.+\.spectrum.com")
    or ("$h_from:" matches " .+@.+.+\.top")
    or ("$h_from:" matches " .+@.+.+\.seuiti.info")
    )
    then
    logwrite "$tod_log $h_from $h_to $h_subject (it matches)"
    seen finish
    endif
    however I see this entry in my filter.log file and I do not understand why.
    Code:
    2016-01-19 13:47:43 "Facebook" <notification+anmkkwgx@facebookmail.com> Garry Dinnerman <garry@bgatalent.com> Alisha Alder wants to be friends on Facebook (it matches)
    
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page