Exim Sysfilter does not work

Discussion in 'E-mail Discussion' started by Rakaris Bakaris, Nov 8, 2017.

  1. Rakaris Bakaris

    Rakaris Bakaris Well-Known Member

    Joined:
    Jan 8, 2015
    Messages:
    63
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello!

    I've edited the Exim Sysfilter to filter out .bat file attachments according to the instructions in cPanel's documentation by adding the bat extension to all of the extension lists.

    However, if I forward an email that has a .bat extension the mail went through and wasn't rejected (tested with emailsecuritycheck.net/ tests).

    I restarted exim each time I made changes. I'm using the correct filter file - cpanel_system_filter_new

    What is wrong with my configuration? How to solve this?

    Thanks
     
    #1 Rakaris Bakaris, Nov 8, 2017
    Last edited by a moderator: Nov 8, 2017
  2. Rakaris Bakaris

    Rakaris Bakaris Well-Known Member

    I have noticed that file "/usr/local/cpanel/etc/exim/sysfilter/options/attachments" does not contain my added changes. Why? If I understand correctly the file is not editable directly.
    For testing purposes I have added to the file "/usr/local/cpanel/etc/exim/sysfilter/options/attachments" the missing attachments but after Exim restart the attachment was not blocked.
     
    #2 Rakaris Bakaris, Nov 8, 2017
    Last edited: Nov 8, 2017
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    In "WHM >> Exim Configuration Manager", under the "Filters" tab, are you using a custom filter for the "System Filter File" option? If so, you'd need to add your custom filter rules to that custom system filter file itself instead of adding them as separate filter files under the options directory. There's a thread on this topic at:

    Exim custom filter not working

    Thank you.
     
  4. Rakaris Bakaris

    Rakaris Bakaris Well-Known Member

    Hello!
    Yes, I'm using "System Filter File". I have removed the changes from the options file so it's 1:1 as it was before, but nothing has changed. You can see my configuration below.
    i.imgur.com/QiCjS29.png
    The discussion you pointed to shows that there is a custom filter file option, but I have not seen such an option on my filters configuration pane. Where can the problem be?
    Thanks!
     
    #4 Rakaris Bakaris, Nov 10, 2017
    Last edited by a moderator: Nov 11, 2017
  5. Rakaris Bakaris

    Rakaris Bakaris Well-Known Member

    Update:
    I have determined that:
    1) If I send from the server webmail with a .bat attachment, it does not allow sending the mail to another recipient.
    2) If I use the email security tests, Free Email Security Check (emailsecuritycheck.net), then mails 4, 5, 7 are received. See reference below.
    3) If I configure a Global email filter in the cPanel account (body contains .bat), then there are no security test emails in the inbox (the expected result).

    For reference from emailsecuritycheck.net:

    • The first mail (1/7) contains a harmless executable attachment. Even though it is harmless, it should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, this mail may never reach you.
    • The next mail (2/7) contains a harmless executable attachment, the EICAR anti virus test file in a .zip archive. This file should be detected by every virus checker. Depending on the configuration of your virus checker, this mail may never reach you.
    • The third mail (3/7) is harmless spam message (GTUBE spam signature), and should be detected by every spam filter. Depending on the configuration of your spam filter, this mail may never reach you.
    • The remaining four mails (4/7 to 7/7) contain attachments disguised in different ways. Even though the attachments are harmless, they should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, these mails may never reach you.
    So the question:
    1) Why does Exim not block the test mails 4, 5, 7?
    2) How to make Exim discard / disable such attachments?
     
    #5 Rakaris Bakaris, Nov 11, 2017
    Last edited by a moderator: Nov 11, 2017
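
Added example, not part of the original thread and not cPanel's filter code: a Python check an administrator can run over a saved test message to list the attachment names a blocking rule has to match. It reads both the Content-Disposition `filename` and the Content-Type `name` of every MIME part, including RFC 2231 encoded values; the sample message, the extension list and the function names are constructed assumptions, not the emailsecuritycheck.net test mails.

```python
import email
from email.utils import collapse_rfc2231_value

# "bat" is the extension from the thread; the others are illustrative assumptions.
BLOCKED_EXTENSIONS = {"bat", "cmd", "exe", "scr", "pif"}

def attachment_names(part):
    """Yield every file name a MIME part declares, from both headers."""
    for header, param in (("content-disposition", "filename"), ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value is not None:
            # Handles plain, quoted and RFC 2231 (filename*=) parameter values.
            yield collapse_rfc2231_value(value).strip()

def blocked_attachments(raw):
    """Return the blocked file names found in any part of the message."""
    hits = []
    for part in email.message_from_bytes(raw).walk():  # includes nested parts
        for name in attachment_names(part):
            ext = name.rsplit(".", 1)[-1].lower()
            if "." in name and ext in BLOCKED_EXTENSIONS and name not in hits:
                hits.append(name)
    return hits

# Constructed sample: each part declares its attachment name in a different way.
SAMPLE = b"""\
From: tester@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.BAT"

rem constructed
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''run%2Ebat

rem constructed
--b1
Content-Type: application/octet-stream; name="report.bat"
Content-Disposition: attachment

rem constructed
--b1--
"""

print(blocked_attachments(SAMPLE))
```

Any name this reports for a message that still reached the inbox is a form the active filter rule did not match.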
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  7. Rakaris Bakaris

    Rakaris Bakaris Well-Known Member

    Hello!
    Have opened ticket with No 9027839.
    Thank you.
     