The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is there any such thing as SERVER-WIDE filtering any more?

Discussion in 'E-mail Discussions' started by jols, Jan 9, 2012.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    One of our hosted accounts are being mail-bombed right now, and yes I know I could likely establish account level filtering for this one account, but I am dissappointed to see that, once again, all filtering rules in antivirus.exim are being ignored, even tough WHM Exim configuration has antivirus.exim selected.

    For example, I would like a method to filter out all email, at the server level, which contains a certain drug name starting with V and ending with A. (I don't want to enter the full name in this post for fear that my question will get filtered out.)

    How could I implement such a server-wide email filter? I see that someone here is recommending using ClamAV for such server-wide filtering, yes, but how?

    And I have no idea how to use the new feature "/etc/cpanel_exim_system_filter" with custom rules. Anyone?

    Thanks so much.
     
  2. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    okay I've tried inserting this at the bottom of the cpanel_exim_system_filter file after making sure that this option was on in the WHM exim configuration page.


    if $header_from: contains "sentto-816"
    then
    save "/dev/null" 660
    endif


    But it does not work.

    I've also tried this one:

    if $header_subject: contains "makemoneyathome2012"
    then
    save "/dev/null" 660
    endif

    Still does not work.
     
  3. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I've got this checked in WHM exim config area:

    /etc/cpanel_exim_system_filter default

    But there is nothing referencing this in the actual exim.conf

    What am I missing here?
     
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks, the link recommends using antivirus.exim, which is exactly what we were doing, but this method does not work anymore, even tough I point exim to it via WHM, our rules in antivirus.exim no longer have any effect.
     
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Login to your server through ssh and open file /etc/cpanel_exim_system_filter by vi editor and put the necessary rules to block spams
     
  7. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I did that, hours ago, none of the rules in this file have any effect.

    Also the account wide rules implemented via their cPanel, for the account that is currently getting mail-bombed, also has zero effect. This is the rule that their cPanel put in the /etc/vfilters directory for their domain:

    ------------------------------------
    if not first_delivery and error_message then finish endif

    #Rule makemoneyathome
    if
    $header_subject: is "[Makemoneyathome2012] Out of office"
    then
    save "/dev/null" 660
    endif
    ------------------------------------

    .. and it has absolutely no effect.

    My current cPanel version is 11.30.5 (build 3)
     
  8. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Silly but important Question:

    Did you restart exim after making the changes?
     
  9. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Yes. But I understand why you would ask.
     
  10. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page