Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mail filters not working correctly (SoBig Virus bouces)

Discussion in 'E-mail Discussion' started by hostultra, Sep 3, 2003.

  1. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    I setup a filter on my email account to block any messages which the message body contained the word "octet-stream" (without the quotes) but it DOES NOT WORK!!!
    The mail is still getting to me, why isnt the filter working?

    Im trying to block these:


    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    166
    You can easily do this with a correctly setup email filter in exim. Simply edit your filter file /etc/vfilters/your-domain.com and insert the following rules:
    Code:
    # Exim filter
    
    if error_message then finish endif
    
    if $header_subject: contains "Re: Your Application"
        or $header_subject: contains "Re: My Details"
        or $header_subject: contains "Re: Details"
        or $header_subject: contains "Your Details"
        or $header_subject: contains "Re: That movie"
        or $header_subject: contains "Re: Wicked screensaver"
        or $header_subject: contains "Re: Details"
        or $header_subject: contains "Re: Thank you!"
        or $header_subject: contains "Thank you!"
        or $header_subject: contains "Re: Approved"
        then
            save /dev/null
    endif
    Some people who are more anal retentive will s/contains/is .
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 ciphervendor, Sep 3, 2003
    Last edited: Sep 3, 2003
  3. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    166
    Actually im not trying to block the virus itself.
    Im trying to block the returned (bounced) viruses.

    The sobig virus fakes the sender email address so i am getting bounces for an email that I never sent.

    The bounce messages does not contain the virus so its not blocked by virus filters but still fills up my inbox with loads of 100KB bounced messages.

    This is like what happens when a spammer uses your email address as the reply address for his spams.

    EDIT:
    After looking at /etc/vfilters/domain.com i see the problem:

    if error_message then finish endif

    I commented out that line so it should work now.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 hostultra, Sep 3, 2003
    Last edited: Sep 3, 2003
  4. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    166
    Why don't you just then filter for senders and send all messages from admin@ mailer-daemon@ postmaster@ , etc. to the bit bucket (/dev/null)?

    cPanel.net Support Ticket Number:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice