The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim system filter

Discussion in 'E-mail Discussions' started by AlexandreVeezon, Feb 27, 2015.

  1. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Hi Friends!

    I'm trying to create a filter to reject messages containing zip files attached, BUT only for a single domain:

    Code:
    #/etc/cpanel_exim_system_filter2 -- Set in WHM to use this file as system filter.
    ################################
    
    if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com"
    then
    	
    	if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:zip)\")"
    	or $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:zip))"
    	or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:zip)\")[\\\\s;]"
    	or $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:zip))[\\\\s;]"
    
    	then
    		fail text "This message has been rejected because it has a forbidden attachment."
    		seen finish
    	endif
    endif
    
    The information about creating the filter was get in https://documentation.cpanel.net/di...stemFilterFile-Howtoblockadditionalextensions

    But I don't know why, none zip being filtered. Every mail still being delivered.
    So, what's wrong?

    Is there any other easy way to do this?
    Thank you :)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you sending a test email from a remote server with the .zip extension to reproduce this issue, or do you only notice it on actual emails that are sent? Note that you may want to try copying the rules from the following file for this filter:

    /etc/cpanel_exim_system_filter

    Simply add "zip" to the rules that list the other file extensions (e.g. exe, eml) and apply it to the single account.

    Thank you.
     
  3. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Yes, exactly.

    Something like this?

    Code:
    if "$h_to:, $h_cc:, $h_bcc:" contains "domain.com"
    and $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:zip)\")"
    then
      fail text "This message has been rejected because it has\n\
                 potentially executable content $1\n\
                 This form of attachment has been used by\n\
                 recent viruses or other malware.\n\
                 If you meant to send this file then please\n\
                 package it up as a zip file and resend it."
      seen finish
    endif
    
    
     
    #3 AlexandreVeezon, Mar 2, 2015
    Last edited: Mar 2, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    Thanks Michael.

    Unfortunatelly, the rule do not works yet. Well, I'll continue trying.

    Thanks ;)
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page