Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim Custom Filters don't work

Discussion in 'E-mail Discussion' started by diracuser, May 30, 2018.

Tags:
  1. diracuser

    diracuser Active Member

    Joined:
    Oct 22, 2014
    Messages:
    38
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello,

    My exim sever and the SpamAssasin doesn't check all the spam..
    I have seen that certains domains send all the time spam, so I create new rules to block them
    But this new rules they are not working...
    This morning I recieved a email where return-path: contains @a2hosting.com ..

    I create this file :/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    wtih this code (it's supposed that in spam@mydomain.com will recieve all the spam detected):


    Code:
    if first_delivery
    and (
    ("$h_from:" matches ".+@.+\\\\.asia[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.bid[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.cricket[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.date[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.ec[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.exercise[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.co.in[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.gen.in[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.net.in[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.link[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.ninja[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.party[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.review[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.rocks[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.science[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.stream[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.uno[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.website[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.work[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
    or ("$h_from:" matches ".+@.+\\\\.za[^a-zA-Z0-9_]")
    or ("$h_return-path:" contains "a2hosting.com")
    )
    then
    headers add "SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_subject:)"
    deliver "spam@mydomain.com"
    seen finish
    endif


    And then in Exim Configuration Manager --> Basic Editor --> Filter -->Custom Filter: inbount_tld_block I check "ON"
    And I save.

    How can I check that the rules are ok?
     
    #1 diracuser, May 30, 2018
    Last edited by a moderator: May 30, 2018
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    666
    Likes Received:
    221
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    For the headers rewrite part of your rule, try this
    Code:
    then
    headers add "Old-Subject: $h_subject:"
    headers remove "Subject"
    headers add "Subject: SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_old-subject:)"
    headers remove "Old-Subject"
    deliver "spam@mydomain.com"
    endif
    If you just want to send the email to a black-hole use
    Code:
    then
    seen finish
    endif
    Don't attempt to use both a header rewrite and a black-hole delivery on the same rule.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. diracuser

    diracuser Active Member

    Joined:
    Oct 22, 2014
    Messages:
    38
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thank you rpvw.

    I rewrite the rule. I will check if now works...

    I have one question: are the rules case-sensitive ?
    For exemple I write $h_return-path in lowercase . Is this correct ?

    I can see that you write : Old-Subject as header in upper-lowercase and the variable in lowercase ....


    Thank you
     
  4. diracuser

    diracuser Active Member

    Joined:
    Oct 22, 2014
    Messages:
    38
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello again.

    I try to send spam emails to my server, and I check that if I send as
    "hello@mydomain.bid" the system-filter catch this email and send to spam@mydomain.com without subject modification.
    If I send as "hello@example.com" the filter doesn't check the email and I recieve in my inbox ....
    I check and the return-path is: hello@example.com

    Any ideas?

    Thank you
     
    #4 diracuser, May 30, 2018
    Last edited by a moderator: May 31, 2018
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    666
    Likes Received:
    221
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    This is what I do to include custom exim filters:

    1) Add a new filter file to /usr/local/cpanel/etc/exim/sysfilter/options/ eg
    inbound_tld_block (IMPORTANT: new file should have blank line at top and bottom)

    2) Go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
    Code:
    Your changes have been saved.
    
    Restarting cPanel daemons...done.
    
    Updating your system to reflect any changes...
    Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.
    
    Done.
    
    Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
    
    and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
    Code:
    # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    # (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
    # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
    
    ....your filter code here....
    
    # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,350
    Likes Received:
    90
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Thank you @rpvw for the detailed reply this is great advice.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. diracuser

    diracuser Active Member

    Joined:
    Oct 22, 2014
    Messages:
    38
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thank you @rpvw .
    After modify the file I didn't press the button "Save" in EximConfiguration --> Basic Editor --> Filter.

    I Know that every modification in that custom file I have to save.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice