Help needed with Global Filters (body regex)

Alain Gagnon

Registered
May 16, 2016
2
0
1
Joliette, Qc, Canada
cPanel Access Level
Root Administrator
Hello!

We have a client who wants to redirect emails containing certain attachments to another email address for review, but I'm having some problems making a body regex that works without issues for his needs. Ex, [email protected] receives an email with a zip file, that needs to be copied to [email protected] instead.

At first, I put in a body matches regex condition with this statement:
Content-Disposition: attachment; filename=".*.zip"
Only to notice that CPanel removed the " symbol when I edit the filter anew. I figured I'd try it, but the end result is that even if an attachment is not a zip file, if the letters zip are found later in the email, the .* in the regex catches the letters and matches the filter.

I then tried to emphasize the . and the " by putting escaping them with a \ but that didn't work as well as I would have liked, the filter did not work.
Content-Disposition: attachment; filename=\".*\.zip\"
Filter error: error while compiling regular expression "Content-Disposition: attachment; filename=\".*\.zip\": \ at end of pattern at offset 52


Doubling them was recommended elsewhere, but while CPanel accepted the filter then, it's not matching it as I test it.

As I am not a guru with regexes, I'm turning here for help if somehow can help me along with a pointer or a solution that would work!

Thanks for your time!
 

Alain Gagnon

Registered
May 16, 2016
2
0
1
Joliette, Qc, Canada
cPanel Access Level
Root Administrator
I've had more time to play around with this, and I think I found a (manual) solution that works for now, but is not optimal in the long run. After searching around for posts, I've found a not supported way to edit the filters by doing this:

1- create 2 global filter rules, 1 that will be used, the second one a dummy that hopefully never matches (ex: to address [email protected])
2- delete the /home/user/.cpanel/filter.cache file
3- edit the /home/user/.cpanel/filter.yaml file with the syntax I want, ex:

rules:
-
match: matches
opt: or
part: $message_body
val: "Content-Disposition:.*attachment.*filename=\".*zip\""
-
match: matches
opt: or
part: $message_body
val: "Content-Disposition:.*attachment.*filename=\".*rar\""

4- Once the yaml filter file seems correct, edit the 2nd rule, and just save it, which will recreate the filter.cache file and migrate the settings to /etc/vfilters/domain_name

Once that's done, the yaml file is stripped of the " and the \" become simple " so it can't be reused without manual modifications, so I keep a backup of the syntax for further modifications if needed.

I assume that it's an unintended effect, or that I'm not aware of a more proper way to escape characters to match what I want it to match, but it works for now.

If any CPanel admins wanna chime in and tell me if it's worth opening a support ticket for this, or if I'm clearly not using the solution in a proper way, I'd be happy to proceed!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
Hello,

You may also find the following thread helpful when researching different methods of implementing filter rules for zip files:

Reject emails with ZIP files containing EXE files

It's different than the specific rule you are seeking, but offers some insight you may find helpful.

Thank you.