Exim Custom Filters don't work

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Hello,

My exim sever and the SpamAssasin doesn't check all the spam..
I have seen that certains domains send all the time spam, so I create new rules to block them
But this new rules they are not working...
This morning I recieved a email where return-path: contains @a2hosting.com ..

I create this file :/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
wtih this code (it's supposed that in [email protected] will recieve all the spam detected):


Code:
if first_delivery
and (
("$h_from:" matches "[email protected]+\\\\.asia[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.bid[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.cricket[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.date[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.ec[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.exercise[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.co.in[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.gen.in[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.net.in[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.link[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.ninja[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.party[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.review[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.rocks[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.science[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.stream[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.uno[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.website[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.work[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches "[email protected]+\\\\.za[^a-zA-Z0-9_]")
or ("$h_return-path:" contains "a2hosting.com")
)
then
headers add "SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_subject:)"
deliver "[email protected]"
seen finish
endif


And then in Exim Configuration Manager --> Basic Editor --> Filter -->Custom Filter: inbount_tld_block I check "ON"
And I save.

How can I check that the rules are ok?
 
Last edited by a moderator:

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator
For the headers rewrite part of your rule, try this
Code:
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_old-subject:)"
headers remove "Old-Subject"
deliver "[email protected]"
endif
If you just want to send the email to a black-hole use
Code:
then
seen finish
endif
Don't attempt to use both a header rewrite and a black-hole delivery on the same rule.
 

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Thank you rpvw.

I rewrite the rule. I will check if now works...

I have one question: are the rules case-sensitive ?
For exemple I write $h_return-path in lowercase . Is this correct ?

I can see that you write : Old-Subject as header in upper-lowercase and the variable in lowercase ....


Thank you
 

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Hello again.

I try to send spam emails to my server, and I check that if I send as
"[email protected]" the system-filter catch this email and send to [email protected] without subject modification.
If I send as "[email protected]" the filter doesn't check the email and I recieve in my inbox ....
I check and the return-path is: [email protected]

Any ideas?

Thank you
 
Last edited by a moderator:

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator
This is what I do to include custom exim filters:

1) Add a new filter file to /usr/local/cpanel/etc/exim/sysfilter/options/ eg
inbound_tld_block (IMPORTANT: new file should have blank line at top and bottom)

2) Go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
Code:
Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.

Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
Code:
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf

....your filter code here....

# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
 
  • Like
Reactions: cPanelMichael

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Thank you @rpvw .
After modify the file I didn't press the button "Save" in EximConfiguration --> Basic Editor --> Filter.

I Know that every modification in that custom file I have to save.