The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

question about email filter (AND condition is possible?)

Discussion in 'E-mail Discussions' started by Radio_Head, Mar 19, 2006.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I have an user which wants block

    TO "spamtext" , AND with , SUBJECT "spamtext2"

    at this time seems to be possible only to insert
    separate filters without an AND condition.

    Is it possible to enter and an AND condition as above ?

    Thank you
     
  2. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I analyzed what happens on /etc/filters when I insert a new mail filter .

    As it seems , cpanel only understand OR conditions .
    If I add by hand an AND rule for example

    Code:
    if
     $header_from: is "testspam"
     [b]and[/b] $header_to: is "testspam2"
     then
     save "/dev/null" 660
    endif  
    [code]
    
    and then I add another filter via cpanel , cpanel modify all my rules
    with an OR condition 
    
    [code]
    if
     $header_from: is "testspam"
     [b]or[/b] $header_to: is "testspam2"
     or $header_subject: is "testspam3"
    
     then
     save "/dev/null" 660
    endif  
    [code]
    
    
    Very bad , because cpanel doesn't  permit us to set filters using also the AND operator .
    
    
    Any turnaround / solution to bypass this problem ?
     
  3. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    There's one simple solution: use regex matching.
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    how can be done with regex the codintion and above ?
     
  5. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    A good question! When creating your filter in cPanel, it would have to be of the form:

    Filter Any Header that matches regex

    You'd then have to enter the correct regular expression. In order to do that, you would need to be very familar with the format of email headers and very familiar with forming regular expressions. I'm not going to explain how to do that here and will instead just point you in the right direction.

    Following your example, we want the From: field to be exactly equal to "testspam" and the To: field to be exactly equal to "testspam2".

    Start by imagining your email headers, or better still open the headers of an email and take a look. Consider how to match the from field. You have lots of text of unknown length, followed by "From: testspam" followed by more text of unknown length. The same concept applies to the To: field.

    The following is roughly what you need to match the From: field:
    From:\stestspam

    And then what follows will roughly match the To: field:
    To:\ntestspam2

    The whole regex might then be:
    (From:\stestspam)&(To:\stestspam2)

    I'm not saying that this is by any means correct - it is an example only and is nowhere near right. Learning how regular expressions work will let you determine what is correct.

    When dealing with 'Any Header' matching, there are oodles of things to consider and you must make sure that the regex matches only what you want and nothing else.

    For example:
    From:\stestspam

    would match the From: field if it equalled "testspam". It would also match the From: field if it contained "testspamrandomtext". It would also get a match if the subject of the email contained "From: testspam". And of course it would only work if there was exactly one space in-between "From:" and "testspam".

    Further still, any number of additional headers could contain anything and could potentially match what you are looking for.

    If you are familar with the format of email headers, you will know that the From: field, or indeed any field, is preceded by a certain number of carriage return and line field characters in a certain order, and you know that the same pattern will follow the end of the field. You'd need to know how to match these correctly to ensure that your regex doesn't pickup false positives.

    It's a big topic! You can use regular expressions to correctly match any number of any thing in an email header, but you have to know what you're doing for it to work.
     
  6. sam999

    sam999 Registered

    Joined:
    Jul 18, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    This was a very good question about how to implement regex "AND" constructs (as opposed to OR, which is simple -- "|"). Can't figure how to do that either! Seems incredible as it's very basic! Any of you wizards out there who can give an example?

    Anyway, the parsing by the CP email filter is very finicky, and you seem to need to use three escape characters for several characters (most notably the backslash itself).

    An example:
    Code:
    \\\\brolex\\\\b|\\\\bce\\\.*brex\\\\b|\\\\bvi\\\.*ra\\\\b
    After CPanel passes it to the regex processor it is applied thusly:
    Pattern = \brolex\b|\bce.*brex\b|\bvi.*ra\b

    (Searches for "rolex", words starting with "ce" and ending with "rex", or words starting with "vi" and ending with "ra".)

    You can see how this is actually parsed when you use the filter test, so it's best to experiment with it.
    The "documentation" for CP is extremely deficient in not giving any hints about this need for multiple escapes IMHO!!
     
    #6 sam999, Jul 19, 2006
    Last edited: Jul 20, 2006
Loading...

Share This Page