Exim Custom Filters don't work

diracuser · May 30, 2018

Hello,

My exim sever and the SpamAssasin doesn't check all the spam..
I have seen that certains domains send all the time spam, so I create new rules to block them
But this new rules they are not working...
This morning I recieved a email where return-path: contains @a2hosting.com ..

I create this file :/usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
wtih this code (it's supposed that in spam@mydomain.com will recieve all the spam detected):

Code:

if first_delivery
and (
("$h_from:" matches ".+@.+\\\\.asia[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.bid[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cricket[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.date[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ec[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.exercise[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gen.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.net.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.link[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ninja[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.party[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.review[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.rocks[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.science[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.stream[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.uno[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.website[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.work[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.za[^a-zA-Z0-9_]")
or ("$h_return-path:" contains "a2hosting.com")
)
then
headers add "SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_subject:)"
deliver "spam@mydomain.com"
seen finish
endif

And then in Exim Configuration Manager --> Basic Editor --> Filter -->Custom Filter: inbount_tld_block I check "ON"
And I save.

How can I check that the rules are ok?

rpvw · May 30, 2018

For the headers rewrite part of your rule, try this
Code:
then
headers add "Old-Subject: $h_subject:"
headers remove "Subject"
headers add "Subject: SpamRule: EXIM FILTER Block Unwanted Domains (was: $h_old-subject:)"
headers remove "Old-Subject"
deliver "spam@mydomain.com"
endif
If you just want to send the email to a black-hole use
Code:
then
seen finish
endif
Don't attempt to use both a header rewrite and a black-hole delivery on the same rule.

diracuser · May 30, 2018

Thank you rpvw.

I rewrite the rule. I will check if now works...

I have one question: are the rules case-sensitive ?
For exemple I write $h_return-path in lowercase . Is this correct ?

I can see that you write : Old-Subject as header in upper-lowercase and the variable in lowercase ....

Thank you

diracuser · May 30, 2018

Hello again.

I try to send spam emails to my server, and I check that if I send as
"hello@mydomain.bid" the system-filter catch this email and send to spam@mydomain.com without subject modification.
If I send as "hello@example.com" the filter doesn't check the email and I recieve in my inbox ....
I check and the return-path is: hello@example.com

Any ideas?

Thank you

rpvw · May 30, 2018

This is what I do to include custom exim filters:

1) Add a new filter file to /usr/local/cpanel/etc/exim/sysfilter/options/ eg
inbound_tld_block (IMPORTANT: new file should have blank line at top and bottom)

2) Go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
Code:
Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.

Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
Code:
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf

....your filter code here....

# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block

cPanelLauren · May 30, 2018

Thank you @rpvw for the detailed reply this is great advice.

diracuser · May 31, 2018

Thank you @rpvw .
After modify the file I didn't press the button "Save" in EximConfiguration --> Basic Editor --> Filter.

I Know that every modification in that custom file I have to save.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim Custom Filters don't work

diracuser Active Member

rpvw Well-Known Member

diracuser Active Member

diracuser Active Member

rpvw Well-Known Member

cPanelLauren Forums Analyst
Staff Member

diracuser Active Member

Exim custom filtering of email

trying to block tld with exim custom filter

custom exim filter for incoming mail

Block custom attachments EXIM issue

cPanel update wiped out custom Exim configuration

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim Custom Filters don't work

diracuser Active Member

rpvw Well-Known Member

diracuser Active Member

diracuser Active Member

rpvw Well-Known Member

cPanelLauren Forums Analyst Staff Member

diracuser Active Member

Exim custom filtering of email

trying to block tld with exim custom filter

custom exim filter for incoming mail

Block custom attachments EXIM issue

cPanel update wiped out custom Exim configuration

Share This Page

cPanelLauren Forums Analyst
Staff Member