The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mail filters not working correctly (SoBig Virus bouces)

Discussion in 'E-mail Discussions' started by hostultra, Sep 3, 2003.

  1. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    I setup a filter on my email account to block any messages which the message body contained the word "octet-stream" (without the quotes) but it DOES NOT WORK!!!
    The mail is still getting to me, why isnt the filter working?

    Im trying to block these:


    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    You can easily do this with a correctly setup email filter in exim. Simply edit your filter file /etc/vfilters/your-domain.com and insert the following rules:
    Code:
    # Exim filter
    
    if error_message then finish endif
    
    if $header_subject: contains "Re: Your Application"
        or $header_subject: contains "Re: My Details"
        or $header_subject: contains "Re: Details"
        or $header_subject: contains "Your Details"
        or $header_subject: contains "Re: That movie"
        or $header_subject: contains "Re: Wicked screensaver"
        or $header_subject: contains "Re: Details"
        or $header_subject: contains "Re: Thank you!"
        or $header_subject: contains "Thank you!"
        or $header_subject: contains "Re: Approved"
        then
            save /dev/null
    endif
    Some people who are more anal retentive will s/contains/is .
     
    #2 ciphervendor, Sep 3, 2003
    Last edited: Sep 3, 2003
  3. hostultra

    hostultra Well-Known Member

    Joined:
    Aug 21, 2002
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Actually im not trying to block the virus itself.
    Im trying to block the returned (bounced) viruses.

    The sobig virus fakes the sender email address so i am getting bounces for an email that I never sent.

    The bounce messages does not contain the virus so its not blocked by virus filters but still fills up my inbox with loads of 100KB bounced messages.

    This is like what happens when a spammer uses your email address as the reply address for his spams.

    EDIT:
    After looking at /etc/vfilters/domain.com i see the problem:

    if error_message then finish endif

    I commented out that line so it should work now.
     
    #3 hostultra, Sep 3, 2003
    Last edited: Sep 3, 2003
  4. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    Why don't you just then filter for senders and send all messages from admin@ mailer-daemon@ postmaster@ , etc. to the bit bucket (/dev/null)?

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page