Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Exim system filter

Discussion in 'E-mail Discussion' started by AlexandreVeezon, Feb 27, 2015.

  1. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Hi Friends!

    I'm trying to create a filter to reject messages containing zip files attached, BUT only for a single domain:

    Code:
    #/etc/cpanel_exim_system_filter2 -- Set in WHM to use this file as system filter.
    ################################
    
    if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com"
    then
    	
    	if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:zip)\")"
    	or $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:zip))"
    	or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:zip)\")[\\\\s;]"
    	or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:zip))[\\\\s;]"
    
    	then
    		fail text "This message has been rejected because it has a forbidden attachment."
    		seen finish
    	endif
    endif
    
    The information about creating the filter was get in https://documentation.cpanel.net/display/ALD/Customize+the+Exim+System+Filter+File#CustomizetheEximSystemFilterFile-Howtoblockadditionalextensions

    But I don't know why, none zip being filtered. Every mail still being delivered.
    So, what's wrong?

    Is there any other easy way to do this?
    Thank you :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Are you sending a test email from a remote server with the .zip extension to reproduce this issue, or do you only notice it on actual emails that are sent? Note that you may want to try copying the rules from the following file for this filter:

    /etc/cpanel_exim_system_filter

    Simply add "zip" to the rules that list the other file extensions (e.g. exe, eml) and apply it to the single account.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Yes, exactly.

    Something like this?

    Code:
    if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com"
    and $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:zip)\")"
    then
      fail text "This message has been rejected because it has\n\
                 potentially executable content $1\n\
                 This form of attachment has been used by\n\
                 recent viruses or other malware.\n\
                 If you meant to send this file then please\n\
                 package it up as a zip file and resend it."
      seen finish
    endif
    
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 AlexandreVeezon, Mar 2, 2015
    Last edited: Mar 2, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes, that would be one way to implement the rule.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Thanks Michael.

    Unfortunatelly, the rule do not works yet. Well, I'll continue trying.

    Thanks ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    You may want to post to the Exim users mailing list for advice on custom Exim filter rules:

    Exim Users Mailing List

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice