Exim Custom Filters don't work

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Hello,

My exim sever and the SpamAssasin doesn't check all the spam..
I have seen that certains domains send all the time spam, so I create new rules to block them
But this new rules they are not working...
This morning I recieved a email where return-path: contains @a2hosting.com ..

I create this file :/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
wtih this code (it's supposed that in [email protected] will recieve all the spam detected):


Code:
if first_delivery
and (
("$h_from:" matches ".+@.+\\\\.asia[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.bid[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cricket[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.date[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ec[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.exercise[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gen.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.net.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.link[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ninja[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.party[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.review[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.rocks[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.science[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.stream[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.uno[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.website[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.work[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.za[^a-zA-Z0-9_]")
or ("$h_return-path:" contains "a2hosting.com")
)
then
headers add "SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_subject:)"
deliver "[email protected]"
seen finish
endif


And then in Exim Configuration Manager --> Basic Editor --> Filter -->Custom Filter: inbount_tld_block I check "ON"
And I save.

How can I check that the rules are ok?
 
Last edited by a moderator:

rpvw

Well-Known Member
Jul 18, 2013
1,100
477
113
UK
cPanel Access Level
Root Administrator
For the headers rewrite part of your rule, try this
Code:
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_old-subject:)"
headers remove "Old-Subject"
deliver "[email protected]"
endif
If you just want to send the email to a black-hole use
Code:
then
seen finish
endif
Don't attempt to use both a header rewrite and a black-hole delivery on the same rule.
 

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Thank you rpvw.

I rewrite the rule. I will check if now works...

I have one question: are the rules case-sensitive ?
For exemple I write $h_return-path in lowercase . Is this correct ?

I can see that you write : Old-Subject as header in upper-lowercase and the variable in lowercase ....


Thank you
 

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Hello again.

I try to send spam emails to my server, and I check that if I send as
"[email protected]" the system-filter catch this email and send to [email protected] without subject modification.
If I send as "[email protected]" the filter doesn't check the email and I recieve in my inbox ....
I check and the return-path is: [email protected]

Any ideas?

Thank you
 
Last edited by a moderator:

rpvw

Well-Known Member
Jul 18, 2013
1,100
477
113
UK
cPanel Access Level
Root Administrator
This is what I do to include custom exim filters:

1) Add a new filter file to /usr/local/cpanel/etc/exim/sysfilter/options/ eg
inbound_tld_block (IMPORTANT: new file should have blank line at top and bottom)

2) Go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
Code:
Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.

Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
Code:
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf

....your filter code here....

# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
 
  • Like
Reactions: cPanelMichael

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Thank you @rpvw .
After modify the file I didn't press the button "Save" in EximConfiguration --> Basic Editor --> Filter.

I Know that every modification in that custom file I have to save.