The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rejected email when forwarding

Discussion in 'E-mail Discussions' started by squaredot, Oct 31, 2007.

  1. squaredot

    squaredot Registered

    Oct 31, 2007
    Likes Received:
    Trophy Points:
    I'm a new user and trying to work through a problem. I have an email account set up that I am trying to use through Thunderbird. I can send and recieve mail; I just can't forward mail.
    I get a message stating:
    "This message has been rejected because it has
    a potentially executable attachment "Re: FW: Basketball graphics.eml"
    This form of attachment has been used by
    recent viruses or other malware.
    If you meant to send this file then please
    package it up as a zip file and resend it."

    Can anyone give me any information on why this is happening and how I can fix it?
    My other email accounts through this host don't have the same problem.....
  2. mtindor

    mtindor Well-Known Member

    Sep 14, 2004
    Likes Received:
    Trophy Points:
    inside a catfish
    cPanel Access Level:
    Root Administrator

    Sure. By default, exim is going to prohibit you from forwarding emails in such a way that they are forwarded as .EML attachments. Either do not forward the email _as_an_attachment_, or set up your Cpanel so that it does not block EML attachments.

    To do that, you'll want to do something like:
    1. cp /etc/cpanel_exim_system_filter /etc/cpanel/exim_system_filter_without_eml
    2. edit /etc/cpanel/exim_system_filter_without_eml
    - remove the eml references in there
    - save this file
    3. Log into WHM, go to Exim Configuration Editor
    - change system filter to /etc/cpanel/exim_system_filter_without_eml
    - save

    That's the 'short' of it. If you are not comfortable with editing files, then you need to forget about doing this or find somebody who you trust who can do it for you.

    Also, Cpanel may occasionally update the exim_system_filter - and if they do that, you will not have those updates since you will be using a copy of that file.

    Below I'll give you an example of the lines in /etc/cpanel/exim_system_filter_without_eml that you would edit and remove the EML references from:

    if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
    if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
    if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
    if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"

    NOTE: Pay attention to the fact that you not only remove 'eml' but you also remove the | symbol after it. So you'll be removing eml| from each of those lines and saving it.


Share This Page