How to block emails by wildcard across a server

martin MHC

Well-Known Member
Sep 14, 2016
154
25
28
UK
cPanel Access Level
Root Administrator
Exim Version 4.91-5 WHM version 78.0.23

There are many email domains that are receiving spams from the same source emails,

SpamAssassin is impractical as this blocks wildcard domains only on a per-account basis.

What I want to do:
-- Check a sending domain matches a set pattern or a wildcard pattern, and if so discard silently across any server account.

What I have read so far...
I have read various topics on this:

And the documentation on applying Exim rules.

- How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

However, The example on the WHM Documentation is simple and does not reference wildcarding. I have set up a file per the documentation and reading links above, thus:

Code:
if
  $h_from: contains "@example.com"
  or $h_from: contains "@example.net"
  or $h_from: matches ".*@.*\.example\.org$"
  or $h_from: matches ".*@.*\.icu$"
#then noerror seen finish
then
  deliver "SpamTest <[email protected]>"
  seen finish
endif
The Exim Documentation on PCRE ( Exim Specification - Regular expressions ) states that in "matches" that single backslashes are enough (rather than double) and that dollar signs do not need escaping.

And this seems to stop the "Contains" but I suspect this rule also seems to be failing for all emails. I received reports that at least one client has received no emails since this was put in place.

What I would like to achieve

I am trying to set a single cannonical location on the server to list PCRE email from accounts that should be silently blocked from all server accounts.

I need so far:

  • - To block anything from @example.com (this works)
  • - To block anything from @example.net (this works)
  • - To block anything from any email shaped as <anything>@<anything>.example.org
  • - To block anything from any email shaped as <anything>@<anything>.icu
From the stackexchange link above I also ran the "/usr/sbin/exim -bF <scriptfile> -f <sender>" but this returned nothing; so was ambiguous (I am a litte fishing in the dark, here) .

What is the best way of achieving this aim, Once I'm confident of the PCRE working I can add further domains to the list.

Thank you.
 
Last edited by a moderator:

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @martin MHC,

I realize this thread is a couple of months old, but I wanted to let you know that cPanel & WHM version 84 includes a new feature that addresses one of the needs you expressed in your post here:

Implemented case CPANEL-28808: Give Exim the ability to block incoming mail from domains.

While it doesn't provide for support for blocking individual email addresses through wildcards, it does make blocking individual domains and subdomains easier to manage. Here's a glance at this feature as seen in WHM >> Email >> Filter Incoming Emails by Domain on a server running cPanel & WHM version 83.9999.137 (this is a development build for version 84):

version84-whm-filter-incoming-email-by-domain.png

I encourage you to submit a feature request if you'd like to see this feature expanded for more use cases.

Thanks!
 

martin MHC

Well-Known Member
Sep 14, 2016
154
25
28
UK
cPanel Access Level
Root Administrator
@cPanelMichael Many thanks for updating me on this development, this looks excellent. I'm happy enough with domain level blocking (from experience it seems usual for the majority of specific spam addresses to come from nonsense domains anywho) that this new system offers. Looking forward to the release of WHM 84. Thanks again.
 
  • Like
Reactions: cPanelMichael