Global email filters override Default Address

Discussion in 'E-mail Discussion' started by perplex, Apr 24, 2019.

  1. perplex

    perplex Member

    Joined:
    May 3, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello, to fight spam I've set up multiple "Global Email Filters" for a domain, however these filters now appear to have overridden the "Default Address = Discard" setting that I have in place! This means that if I get an email with a 'bad word' in its body and sent to anything@my-domain.co.uk the bad word gets matched by my filter unnecessarily instead of using its default address and the email being discarded immediately.

    Can you explain why my Default Address (Discard) is being overridden by filters? I presume it's the way cPanel works - but surely there has to be a way to place the Default Address first, and then to stop processing global email filters?

    Thanks in advance.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,237
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I think we'd need to see the rule before I can give you an answer to this, would it be possible for you to provide it?
     
  3. perplex

    perplex Member

    Hello, I have many filters, is this of relevance? As I said, it appears 'ANY' global filter rule that is added will override a user's 'Default Address' Discard setting. I believe cPanel shouldn't work this way really, or there should be at least the option of placing the Default Address/discard above all filters. OK so anyway here's one of my rules -

    Filter Name: SPAM Body

    Body (matches regex):
    (?<!=)==(?!=)|(?-i)回|V2FudCBzZXgg|(?i)Vi\/agra|pussy|****|Good\s?day!|porno|girlfriend|keylogger|\$1500|Cialis|hacked|garantie|apporter|appartient|Lyft|sexual|envoyant|sexy|Cilais|Levtira|Vigara|sensual|Online\s?Pharmacy|Debt\s?Relief|TERMINIX|antiviruses|bored

    Actions1 (Redirect to email):
    spam@my-domain.co.uk

    Actions2 (Stop processing more rules)
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    I think I understand what's happening now, you're saying if the spam email matches some regex in the rule it's automatically sent to spam@my-domain.co.uk rather than (in the case of the default email) discarded.


    This is due to the way that exim processes these rules. The processing for this takes place prior to the processing for the discard of email sent to the default address, so the forward happens, and then I'd assume that the match on the default address is hit and the message to the default address is discarded (meaning it doesn't reach the default address, just the address you're forwarding to). This behavior is expected.
     
  5. perplex

    perplex Member

    Thanks for this, it's what I thought. Is there a way to get around this so that the Default Address (discard) is actioned prior to my filter rules? E.g. maybe creating a new 'regex' filter rule that mimics what cPanel Default Address/discard should be doing. Basically I would like a regex rule to:

    Filter Rule = Match all emails sent to: "does-not-exist@my-domain.co.uk"
    Action = Discard
    Action = Stop processing more rules

    It would be really great if some genius out there could come up with a solid solution as I've spent so many days trying to resolve this with no joy. My regex skills are very limited and I've hunted high and low on Google too. Thanks! :)
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @perplex


    What about something like this? (keep in mind this is an extremely simple example)

    Code:
    if
     $message_body matches "REGEX HERE"
     and $header_to: does not contain "anotheraddresshere@email.tld"
    then
     deliver "user2@mydomain"
     finish
    endif
    
     
  7. perplex

    perplex Member

    Hi Lauren, I was hoping that you could be a bit more specific if possible please, I'm not that great at regex especially of the Perl variety! I was looking for something like this -

    Email To (matches regex): If Does Not Match This (john OR peter OR luke @mydomain.co.uk)
    Action: Discard

    E.g. so john123@mydomain.co.uk would be discarded but
    john@mydomain.co.uk or peter@mydomain.co.uk or luke@mydomain.co.uk would be accepted for delivery.

    Many thanks!
     
    #7 perplex, Apr 26, 2019
    Last edited: Apr 26, 2019
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    In my example I was assuming you were using your own regex to determine if mail was to be forwarded as spam. Other than that, I gave you the entire rule, I'm not sure what you mean by specific?

    The rule indicates if email matches "your regex" and isn't being sent to "your default address/es" then forward to your "spam email"
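
    The ordering discussed in posts 5 to 8, modelled in Python as an added example (not part of the thread, not Exim filter syntax, and not cPanel's own logic): the recipient allowlist is checked first with an anchored match, and only then is the body rule applied. The names `route` and `substring_check`, the two-term body regex and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Allowlist from post 7; fullmatch() below anchors it at both ends.
ALLOWED = re.compile(r"(?:john|peter|luke)@mydomain\.co\.uk", re.IGNORECASE)
# Two terms taken from the body rule in post 3 (shortened for the example).
SPAM_BODY = re.compile(r"Online\s?Pharmacy|Debt\s?Relief", re.IGNORECASE)
SPAM_BOX = "spam@my-domain.co.uk"

def route(raw_message, envelope_rcpt):
    """Return (action, target); the recipient is checked before any body rule."""
    if not ALLOWED.fullmatch(envelope_rcpt.strip()):
        return ("discard", None)          # unknown address: stop here
    body = message_from_string(raw_message).get_payload()
    if SPAM_BODY.search(body):
        return ("redirect", SPAM_BOX)     # known address, spammy body
    return ("deliver", envelope_rcpt)

def substring_check(raw_message, address):
    """Looser test for comparison: does any To: address merely contain `address`?"""
    msg = message_from_string(raw_message)
    to_addrs = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    return any(address in addr.lower() for addr in to_addrs)

# Constructed sample messages.
SPAM = "To: john@mydomain.co.uk\nSubject: hi\n\nCheap Online Pharmacy deals\n"
CLEAN = "To: Peter <peter@mydomain.co.uk>\nSubject: hi\n\nLunch on Friday?\n"
LOOKALIKE = "To: bigjohn@mydomain.co.uk\nSubject: hi\n\nOnline Pharmacy\n"

if __name__ == "__main__":
    print(route(SPAM, "john@mydomain.co.uk"))
    print(route(CLEAN, "peter@mydomain.co.uk"))
    print(route(SPAM, "john123@mydomain.co.uk"))
    print(route(LOOKALIKE, "bigjohn@mydomain.co.uk"))
    print(substring_check(LOOKALIKE, "john@mydomain.co.uk"))
```

    The last call shows why the allowlist is anchored: a substring test accepts bigjohn@ because it contains john@. The model also takes the envelope recipient as a separate argument, since the To: header of a Bcc'd or list message need not name the address the mail was actually delivered to.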
     
  9. perplex

    perplex Member

    UPDATE: I've now managed to create a good regex rule to filter spam via cPanel email filters, I shall post it here to help others in my next response. I'm just adding final touches to it and wondered if anyone is able to tell me how to use 'word boundaries' in cPanel global email filters, I know cPanel uses PERL regex but I just can't get my code to work! Please show me how to match the text highlighted in red in the string below:

    Match:
    PCFkb2N9eXBlIGh0bWw+DQo8aHRt

    Perl Regex:
    What I have already: Fkb2N9.*
    What did not work: \BFkb2N9\B

    Basically if a spam email contains Fkb2N9 in a long Base64 string then I can deal with it, probably quarantine or disregard it as junk.
     
    #9 perplex, May 9, 2019
    Last edited: May 9, 2019
    cPanelLauren likes this.
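
    The boundary question from post 9, worked through in Python's regex engine as an added example (not part of the thread; how the cPanel filter editor passes backslashes on to Exim is not shown on this page and is not modelled here). It goes one step beyond the post: a Base64 token only appears verbatim at one of three byte alignments, so `base64_variants` and `body_pattern` (hypothetical helper names) build a pattern that catches the same plaintext at any alignment.

```python
import base64
import re

# Sample string and token exactly as quoted in post 9.
SAMPLE = "PCFkb2N9eXBlIGh0bWw+DQo8aHRt"
TOKEN = "Fkb2N9"

def boundary_report(token, text):
    """Which boundary assertions let `token` match inside `text`?"""
    t = re.escape(token)
    return {
        "plain": bool(re.search(t, text)),
        "non_boundary": bool(re.search(r"\B" + t + r"\B", text)),   # \B = not at a word edge
        "word_boundary": bool(re.search(r"\b" + t + r"\b", text)),  # \b = at a word edge
    }

def base64_variants(plain):
    """Base64 fragments that encode `plain` at byte offsets 0, 1 and 2 (mod 3).

    Characters that also carry bits of neighbouring bytes are trimmed, so each
    fragment appears verbatim whenever `plain` sits at that offset.
    """
    fragments = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + plain).decode().rstrip("=")
        start = -(-pad * 8 // 6)             # chars touched by the padding bytes
        end = (pad + len(plain)) * 8 // 6    # chars made only of known bits
        fragments.append(enc[start:end])
    return fragments

def body_pattern(plain):
    """One regex that finds `plain` inside a Base64 body at any alignment."""
    return re.compile("|".join(re.escape(f) for f in base64_variants(plain)))

# Constructed input: the start of the decoded sample, shifted by one leading byte.
SHIFTED = base64.b64encode(b"x<!doc}ype html>").decode()

if __name__ == "__main__":
    print(base64.b64decode(SAMPLE))
    print(boundary_report(TOKEN, SAMPLE))
    print(base64_variants(b"doc}"))
    print(bool(body_pattern(b"doc}").search(SHIFTED)), TOKEN in SHIFTED)
```

    Base64 bodies in mail are wrapped at 76 characters per line, so a fragment can be split by a line break; matching on the decoded body, where the filter offers it, avoids both the alignment and the wrapping problem.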