The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem with Exim/Filter

Discussion in 'E-mail Discussions' started by pctech4u, Jul 15, 2007.

  1. pctech4u

    pctech4u Member

    Joined:
    Jan 9, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hello :)

    I have a number of accounts on my cPanel 11 box which keep having mail issues.

    For some reason, in the Mail>Filtering section of the clients cPanel there is a line called:

    $h_X-Spam-Status: begins with "Yes"

    The problem is that, when this rule is there, no mail gets delivered. All mail fails with the following error in exim_mainlog:

    Filter error: "and" or "or" or "then" expected near line 7 of filter file, but found ""Yes""

    Does anyone know

    a) Why this filter is being created in the first place? Is it to do with SpamAsassin or BoxTrapper
    b) How can I stop it being created
    c) Is the filter: $h_X-Spam-Status: begins with "Yes" actually wrong? If so, what should it be instead?

    Many thanks

    J
     
  2. noox

    noox Active Member

    Joined:
    Mar 19, 2003
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I have troubles with the CP 11 Mail filters too.

    With CP 10 I used ****** with any headers to filter out spam mails above a certain score. With CP 11 it's ++++. But when I try to add this to a rule no mail arrives at all. When I remove the rule the mails appear again. I also tried to escape the +. It seems like the frontend for the filter rules has some bugs here.

    I finally found out that it works with "Spam Score above" and a number (Score * 10).

    I have another account on the server. One email address of this domain is forwarded to the domain which is filtered (my main domain/email address) Sometimes I send mails with cc to this other email address for documentation purpose. So this mail is sent from my main email address to another email address of another account and should be forwarded back to the main address.

    Now I found out that the mail gets lost when I have the "Spam Score above" filter active. If not the mail goes through - even without any spamassassin header.


    I tried to test the filter with the "Spam Score above" rule and got th following error:

    Filter error: malformed numerical string ""

    When I remove the filter rule I get no error.

    Could it be that there are some bugs in the email filtering system.
     
    #2 noox, Jul 20, 2007
    Last edited: Jul 20, 2007
  3. pctech4u

    pctech4u Member

    Joined:
    Jan 9, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Anyone have any idea's? :)

    James
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    It should be

    $h_X-Spam-Status: begins [STRIKE]with[/STRIKE] "Yes"



    /usr/local/cpanel/bin/vfilterfix on CURRENT 11.8+ (do not run it on 11.6 as it was not as robust. The 11.8 one makes much better choices about what to do with invalid filters) will look for invalid data in the filters and attempt to repair them.
     
  5. pctech4u

    pctech4u Member

    Joined:
    Jan 9, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    What character a [STRIKE]? Sorry, I've never used this, might be something to do with being from the UK?

    Thank you :)
     
  6. Antifreeze

    Antifreeze Member

    Joined:
    Jul 28, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Yes, it will look at the header and see if the mail has been marked as spam by assassin.
    What seems to be missing or malformed is the 'action' of the rule.

    I'm only an end-user of control-panel, so I can't answer that.
    But when my webhost created my account, there were no filters created. I created all my filters manually.
    Perhaps when boxtrapper is enabled it creates this rule automatically, but makes an error in doing so?
    I don't know... I've never used boxtrapper.

    What you are seeing is simply the TITLE that the user/script gave the rule when it was created. So it doesn't have to be correct syntax; it could easily have been called 'spam rule'. Don't you see an 'edit' link to the right of that title line? You should be able to click on that and edit the rule. There should also be a link to delete the rule too.

    Anyway, all this points to a script (possibly boxtrapper or perhaps a cpanel config file) that has modified:
    root/.cpanel/filter.yaml if the rule is at account level OR
    root/etc/DOMAIN/USEREMAILADDRESS/filter.yaml if the rule is at user level.

    The rule should look like this in that file:

    ---
    filter:
    -
    actions:
    -
    action:
    dest:
    filtername: "$h_X-Spam-Status: begins with Yes"
    rules:
    -
    match: begins
    opt: or
    part: "$h_X-Spam-Status:"
    val: Yes



    It sounds to me like the highlighted lines in the file are malformed or missing. For instance, action could be 'deliver' and dest could be 'spambin@mydomain.com', which means all mail marked by assassin as spam would be redirected to that email address.

    You don't need this rule if you want the spam mail to still be delivered to the users, and so let them filter it themselves using their email clients. However, I have set this rule up at account level because I find that assassin almost never makes false positive errors. I deliver all the spam to a 'spambin' email account and keep a couple of weeks back-log just in case someone at our company asks me to check whether a legitimate email has been sent to the 'spambin' by mistake.


    EDIT: I just noticed that the 'delete' function does not work for user-level filters. You need to manually delete:
    root/etc/DOMAIN/USEREMAILADDRESS/filter.yaml and
    root/etc/DOMAIN/USEREMAILADDRESS/filter

    or if you have multiple rules, then you have to edit these files to erase just that one rule rather than delete the whole file.



    .
     
    #6 Antifreeze, Aug 7, 2007
    Last edited: Aug 7, 2007
  7. pctech4u

    pctech4u Member

    Joined:
    Jan 9, 2006
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Many thanks for that great post, Antifreeze.

    Jim
     
Loading...

Share This Page