Exim Custom Filters don't work

diracuser · May 30, 2018

Hello,

My exim sever and the SpamAssasin doesn't check all the spam..
I have seen that certains domains send all the time spam, so I create new rules to block them
But this new rules they are not working...
This morning I recieved a email where return-path: contains @a2hosting.com ..

I create this file :/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
wtih this code (it's supposed that in [email protected] will recieve all the spam detected):

Code:

if first_delivery
and (
("$h_from:" matches ".+@.+\\\\.asia[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.bid[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cricket[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.date[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ec[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.exercise[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gen.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.net.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.link[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ninja[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.party[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.review[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.rocks[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.science[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.stream[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.uno[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.website[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.work[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.za[^a-zA-Z0-9_]")
or ("$h_return-path:" contains "a2hosting.com")
)
then
headers add "SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_subject:)"
deliver "[email protected]"
seen finish
endif

And then in Exim Configuration Manager --> Basic Editor --> Filter -->Custom Filter: inbount_tld_block I check "ON"
And I save.

How can I check that the rules are ok?

rpvw · May 30, 2018

For the headers rewrite part of your rule, try this

Code:

then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_old-subject:)"
headers remove "Old-Subject"
deliver "[email protected]"
endif

If you just want to send the email to a black-hole use

Code:

then
seen finish
endif

Don't attempt to use both a header rewrite and a black-hole delivery on the same rule.

diracuser · May 30, 2018

Thank you rpvw.

I rewrite the rule. I will check if now works...

I have one question: are the rules case-sensitive ?
For exemple I write $h_return-path in lowercase . Is this correct ?

I can see that you write : Old-Subject as header in upper-lowercase and the variable in lowercase ....

Thank you

diracuser · May 30, 2018

Hello again.

I try to send spam emails to my server, and I check that if I send as
"[email protected]" the system-filter catch this email and send to [email protected] without subject modification.
If I send as "[email protected]" the filter doesn't check the email and I recieve in my inbox ....
I check and the return-path is: [email protected]

Any ideas?

Thank you

rpvw · May 30, 2018

This is what I do to include custom exim filters:

1) Add a new filter file to /usr/local/cpanel/etc/exim/sysfilter/options/ eg
inbound_tld_block (IMPORTANT: new file should have blank line at top and bottom)

2) Go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....

Code:

Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.

Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.

and you will see in the newly generated /etc/cpanel_exim_system_filter file the following

Code:

# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf

....your filter code here....

# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block

cPanelLauren · May 30, 2018

Thank you @rpvw for the detailed reply this is great advice.

diracuser · May 31, 2018

Thank you @rpvw .
After modify the file I didn't press the button "Save" in EximConfiguration --> Basic Editor --> Filter.

I Know that every modification in that custom file I have to save.

Thread starter	Similar threads	Forum	Replies	Date
B	SOLVED Exim Custom Filter for outbound messages	Email	10	Nov 9, 2022
	Custom user exim filter with custom rules	Email	5	Oct 28, 2022
N	EXIM custom filter to block email address in name field?	Email	1	Jun 8, 2022
T	[Exim] Apply custom filter only to incoming messages	Email	1	Sep 17, 2021
	EXIM custom filter to block email address in name field?	Email	6	Oct 7, 2019

Search

Search

Exim Custom Filters don't work

diracuser

Active Member

rpvw

Well-Known Member

diracuser

Active Member

diracuser

Active Member

rpvw

Well-Known Member

cPanelLauren

Product Owner II

diracuser

Active Member