The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim filters for spam check

Discussion in 'General Discussion' started by Wallaby, Dec 19, 2006.

  1. Wallaby

    Wallaby Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    131
    Likes Received:
    1
    Trophy Points:
    18
    Need some help with Exim config and Exin filters...

    We use an antispam appliance to filter incoming mail. BUT some spammers send directly to the mailserver, ignoring the MX records. The antispam appliance adds a header to mail it has seen, so my first thought is to use an Exim filter to check for mail that does not have that special header:

    Code:
    # Exim filter 
    if not first_delivery and error_message then finish endif
    if $header_X-My-Special-Header: is "" then 
      deliver <maybespam@domain.com>
    endif
    This works great. BUT, it also catches valid mail sent from another domain on the same server, which is listed in local domains and hence does not go through the antispam appliance.

    So my question is: can I check in my filter whether the sender domain is local?

    Another thought I had was to check in the headers for

    X-AntiAbuse: Primary Hostname - server-name.maindomain.com

    which is added by Exim to outgoing mail. BUT, this header is not added to mail sent to another local domain. Aaargh! Is there a way of telling Exim to add a certain header to *all* mail, including that to local domains?

    Cheers!
     
  2. Wallaby

    Wallaby Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    131
    Likes Received:
    1
    Trophy Points:
    18
    OK, I answered my own question after quite a bit of googling. Use this AT YOUR OWN RISK!

    To get a situation where mail sent from local domains is not treated as possible spam, we can add a custom header to *all* mail sent from the mailserver, even local mail. We can do this in the Exim configuration file, within one of the areas that CPanel allows us to make edits/additions, using the Exim configuration editor.

    1. Create a filter file /etc/vfilters/yourdomain.com as follows:

    Code:
    # Exim filter 
       
    if not first_delivery and error_message then finish endif
       
    if $header_X-Spam-Appliance-Header: is "" then
      if $header_X-My-Special-Header: is "" then
        deliver <maybespam@yourdomain.com>
      endif
    endif
    2. Open the Exim advanced config editor in WHM and find this text in the config file:

    Code:
    #!!# ACL that is used after the DATA command
    check_message:
      require verify = header_sender
      accept
    Change it to:

    Code:
    #!!# ACL that is used after the DATA command
    check_message:
       require verify = header_sender
    
    # add custom header
    warn message = X-My-Special-Header: ServerName
    
    accept
    obviously changing the header name and text as needed.

    3. Save the Exim config. Test it all works.

    4. To discard the email instead of sending it to the maybespam mailbox, change

    Code:
    	deliver <maybespam@yourdomain.com>
    to

    Code:
    	save "/dev/null" 660
    in the filter.

    Comments/corrections welcome.
     
  3. Wallaby

    Wallaby Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    131
    Likes Received:
    1
    Trophy Points:
    18
    Groan...

    I spoke too soon. The amendment to the Exim config file adds the header to *all* messages, not just messages sent out by Exim or those incoming from local domains.

    Please.... if you understand Exim I'd really appreciate some help understanding how I can add a custom header *only* to messages either sent by Exim, or messages incoming from local domains, so I can filter out local messages.

    There must be someone out there?

    I've tried

    warn message my-header
    domains = +local_domains

    and it has no effect -- header is added to all messages.
     
  4. Wallaby

    Wallaby Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    131
    Likes Received:
    1
    Trophy Points:
    18
    Well just in case anyone's interested, I found the answer: a condition is needed.

    So, to add the extra header to mail sent from local domains:

    1. Find this section in the Exim config file:

    #!!# This new section of the configuration contains ACLs #!!#

    2. In the middle box below this section, find:

    require verify = sender
    accept domains = +local_domains
    endpass

    and immediately *above* it add these lines:

    # add custom header
    warn message = X-My-Custom-Header: ServerName
    domains = +local_domains
    condition = ${if match_domain{$sender_address_domain}{+local_domains} {yes}{no}}

    (amended as you need) which adds a header to mail sent from local domains.

    Save the Exim configuration and let Exim restart: check that no errors are produced and check that Exim is still able to send mail.
     
Loading...

Share This Page