How can I block spam emails with a fixed subject coming to several domains

Discussion in 'E-mail Discussion' started by Kent Brockman, Jul 15, 2014.

  1. Kent Brockman

    Hello guys! I'm receiving these spam emails in several domains, so I need a way to filter them at SMTP time. I know the Exim filter file can intercept this, but I can't find the correct syntax.
    The purpose is to send to /dev/null the emails from any source containing a given string in the subject.
    Can anybody give some help?

    Thanks in advance!
     
  2. cPanelMichael

    Hello :)

    Have you considered using the "Account Level Filtering" option in cPanel, or is this across multiple accounts? What Exim filter rule did you already try?

    Thank you.
     
  3. Kent Brockman

    Hello Michael, I've been able to solve it by using the Exim system filter file.
    Yes, this is to mitigate a spam wave coming randomly to several domains. That's why a global filter is needed.

    The solution consists of adding the following code somewhere in the middle of /etc/cpanel_exim_system_filter

    Code:
    if $message_headers: contains "DOMAIN-TO-BLOCK.com"
            or $message_body: contains "TEXT PATTERN USED ACROSS ALL THE UNSOLICITED EMAILS"
            and not error_message
    then
            seen finish
    endif
    This rule will deliver to a blackhole (/dev/null) all the messages where the headers contain the domain name to block OR the common denominator text pattern (if the spam messages fortunately have something in common, and since it is an elaborate phishing scam, they do). It just worked like a charm. :)

    It's of note that this method is the best way to stop spam when the source IP of the emails is different in every message. If the source IP were the same, I could easily block them using the Exim Configuration Manager > Blacklisted SMTP IP addresses list... or even block the IP in the firewall.
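
A dry run of the two matching strategies over constructed messages, added here as an example and not part of the posts above: it compares the header-wide domain test from the posted rule with a Subject-only test, which is what the original question asked for, and lists the mail that only the broad test would discard. The subject text, the sample messages and the case-insensitive substring approximation of `contains` are assumptions.

```python
from email import message_from_string

# "DOMAIN-TO-BLOCK.com" is the placeholder used in the post; the subject is constructed.
DOMAIN = "DOMAIN-TO-BLOCK.com"
SUBJECT_PATTERN = "Your mailbox is almost full"

# Constructed sample messages (not real traffic).
SAMPLES = {
    "spam": ("From: billing@DOMAIN-TO-BLOCK.com\nTo: user@example.org\n"
             "Subject: Your mailbox is almost full\n\nClick here to upgrade.\n"),
    "report": ("From: user@example.org\nTo: support@example.net\n"
               "Cc: abuse@domain-to-block.com\nSubject: Phishing report\n\n"
               "Forwarding a scam I received.\n"),
    "normal": ("From: alice@example.org\nTo: bob@example.net\n"
               "Subject: Lunch on Friday\n\nSee you at noon.\n"),
}


def contains(haystack, needle):
    """Assumed stand-in for the filter's `contains`: case-insensitive substring."""
    return needle.lower() in haystack.lower()


def header_block(msg):
    """All header lines joined, similar in spirit to $message_headers."""
    return "\n".join(f"{name}: {value}" for name, value in msg.items())


def evaluate(raw):
    """Return which of the two tests would match one raw message."""
    msg = message_from_string(raw)
    return {
        "any_header": contains(header_block(msg), DOMAIN),
        "subject_only": contains(msg.get("Subject", ""), SUBJECT_PATTERN),
    }


def audit(samples=SAMPLES):
    return {name: evaluate(raw) for name, raw in samples.items()}


def broad_only_matches(samples=SAMPLES):
    """Messages the header-wide test would discard but the Subject test would keep."""
    return [n for n, r in audit(samples).items()
            if r["any_header"] and not r["subject_only"]]


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:7} {result}")
    print("discarded only by the header-wide test:", broad_only_matches())
```

Running the same comparison over a sample of real mailbox files before editing the system filter shows how much legitimate mail merely mentions the domain in a To, Cc or Received header.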
     