Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to block emails by wildcard across a server

Discussion in 'E-mail Discussion' started by martin MHC, May 10, 2019.

  1. martin MHC

    martin MHC Well-Known Member

    Sep 14, 2016
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Exim Version 4.91-5 WHM version 78.0.23

    There are many email domains that are receiving spams from the same source emails,

    SpamAssassin is impractical as this blocks wildcard domains only on a per-account basis.

    What I want to do:
    -- Check a sending domain matches a set pattern or a wildcard pattern, and if so discard silently across any server account.

    What I have read so far...
    I have read various topics on this:

    And the documentation on applying Exim rules.

    - How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

    However, The example on the WHM Documentation is simple and does not reference wildcarding. I have set up a file per the documentation and reading links above, thus:

      $h_from: contains ""
      or $h_from: contains ""
      or $h_from: matches ".*@.*\.example\.org$"
      or $h_from: matches ".*@.*\.icu$"
    #then noerror seen finish
      deliver "SpamTest <>"
      seen finish
    The Exim Documentation on PCRE ( Exim Specification - Regular expressions ) states that in "matches" that single backslashes are enough (rather than double) and that dollar signs do not need escaping.

    And this seems to stop the "Contains" but I suspect this rule also seems to be failing for all emails. I received reports that at least one client has received no emails since this was put in place.

    What I would like to achieve

    I am trying to set a single cannonical location on the server to list PCRE email from accounts that should be silently blocked from all server accounts.

    I need so far:

    • - To block anything from (this works)
    • - To block anything from (this works)
    • - To block anything from any email shaped as <anything>@<anything>
    • - To block anything from any email shaped as <anything>@<anything>.icu
    From the stackexchange link above I also ran the "/usr/sbin/exim -bF <scriptfile> -f <sender>" but this returned nothing; so was ambiguous (I am a litte fishing in the dark, here) .

    What is the best way of achieving this aim, Once I'm confident of the PCRE working I can add further domains to the list.

    Thank you.
    #1 martin MHC, May 10, 2019
    Last edited by a moderator: May 10, 2019
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    May 20, 2003
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I understand that this might not be what you're after, but I use MailScanner Front End for this. With all the new domain extensions being used for spam these days, this makes blocking them one by one, a little easier.

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice