Filtering bounce messages

Discussion in 'General Discussion' started by dougsonos, Sep 13, 2004.

  1. dougsonos

    dougsonos Registered

    Sep 12, 2004
    I am being deluged with bounces from spammers forging my address.

    I'm trying to write a filter to catch these bogus bounce messages. I've looked at the exim.conf file on my server and have used that to put together a decent flowchart of how the various mail options interact ... (will polish that and share soon).

    What I have now is a /etc/mydomain/vfilters file:

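    # Exim filter

    # Bounce messages: stop filtering here, so they never reach the pipe below
    if error_message then finish endif

    # Everything else addressed to doug is handed to procmail
    if $local_part is "doug" then
      pipe "/usr/bin/procmail -m /home/mydomain/.procmailrc"
    endif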

    My procmail recipes
    [1] check for SpamAssassin having marked the message as spam (-> spam box)
    [2] look for bounce messages (-> bounce box) [at some point I will add some code to try to separate the forgeries from bounces that I want to see]

    I'm watching my procmail log roll by and watching the spam and good messages arrive and get routed appropriately.

    Then I check my mail, and I've got another 5 bounce messages! Is cPanel configuring Exim to not route bounce messages through a filter?! The only thing that happens before the vfilters are applied is routing through SpamAssassin. That's working -- look at the mail headers from a bounce:

    From Mon Sep 13 19:37:04 2004
    Return-path: <>
    Delivery-date: Mon, 13 Sep 2004 20:35:03 -0600
    Received: from myloginname by with local-bsmtp (Exim 4.42)
    id 1C739q-00029d-Gt
    for; Mon, 13 Sep 2004 20:35:03 -0600 <-- exim gets it back from SA
    Received: from [deleted] (
    by with esmtp (Exim 4.42)
    id 1C739p-000291-W1
    for; Mon, 13 Sep 2004 20:35:02 -0600 <-- exim sees it, sends to SA
    X-Spam-Status: No, hits=-4.6 required=5.0 tests=BAYES_00,BIZ_TLD,NO_REAL_NAME
    autolearn=no version=2.64

  2. dougsonos

    dougsonos Registered

    Sep 12, 2004
    figured it out

    Here is the flow of mail through cPanel's configuration of Exim, and how I hooked in procmail to filter bounces to a separate mailbox:

    1. If it's a virtual user (has a POP sub-account) or the local user ("main account"), and Spam Assassin is enabled, pass the message through Spam Assassin.

    2. Apply filters (/etc/$domain/vfilters), which can route to pipes, files, or other addresses. (Since this is a "redirect" router, delivery status notifications appear not to go through this step.) Redirected messages are not processed further unless they are to local addresses (? I think).

    3. Apply forwarders/autoresponders (/etc/$domain/valiases). Redirected messages *are* processed further.

    4. If it's a virtual user, deliver the message (to spam box if enabled, inbox otherwise). Processing stops.

    5. If it's a virtual user but his mailbox does not exist, and not an autoresponder, discard the message and stop processing.

    6. If the domain has a default address, route the message there. If it's a non-local address, stop processing.

    7. Apply system aliases ... these seemed not to apply to common cases; I didn't dig far into this. (postmaster etc. I think)

    8. Apply $HOME/.forward, if it exists. (This is where I hooked in procmail.)

    9. Deliver the message to the local user (to spam box if enabled, inbox otherwise).

    Hope this helps someone ...
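
One way to separate forged-sender bounces from bounces of mail you really sent, the step the first post leaves for later, written as an added example and not code from the thread. It assumes your own outgoing mail carries Message-IDs ending in a known suffix; `LOCAL_ID_SUFFIX`, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
# Assumption (not from the thread): mail really sent from this site gets this ID suffix.
LOCAL_ID_SUFFIX = "@mydomain.example>"
MSGID_LINE = re.compile(r"^\s*Message-ID:\s*(<[^>\s]+>)", re.I | re.M)

def returned_message_ids(msg):
    """Message-IDs of the original mail quoted or attached inside a bounce."""
    ids = []
    for part in msg.walk():
        if part is not msg and part["Message-ID"]:   # attached message/rfc822
            ids.append(str(part["Message-ID"]).strip())
        if part.get_content_maintype() == "text":    # headers quoted in a text part
            ids += MSGID_LINE.findall(part.get_content())
    return ids

def classify(raw):
    """Return 'not-bounce', 'bounce-own' or 'bounce-forged' for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    if msg.get("Return-path", "").strip() != "<>":   # bounces have a null sender
        return "not-bounce"
    ids = returned_message_ids(msg)
    own = any(i.lower().endswith(LOCAL_ID_SUFFIX) for i in ids)
    return "bounce-own" if own else "bounce-forged"  # no local ID: backscatter

# Constructed samples: a plain-text bounce of forged mail, a MIME bounce of real mail.
FORGED = """Return-path: <>
Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------
From: doug@mydomain.example
Message-ID: <20040913.spam@dialup.botnet.example>
"""
OWN = """Return-path: <>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address was not found.
--b1
Content-Type: message/rfc822

Message-ID: <20040913.0001@mydomain.example>

hi
--b1--
"""
```

A procmail recipe can pipe each message to a small script around `classify()` and file it by the returned label. A Message-ID suffix can be copied by a forger, so comparing against a log of IDs actually sent is the stricter check.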
