trying to block tld with exim custom filter

keat63

Well-Known Member
Nov 20, 2014
1,892
248
93
cPanel Access Level
Root Administrator
I created a custom filter in /usr/local/cpanel/etc/exim/sysfilter/options/ to block .date TLDs, but can't get it to work.

Code:
if first_delivery
and ("$h_to:, $h_cc:" contains ".date")
or ("$h_from:" contains ".date")
then
seen finish
endif
Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:

** Custom Filter: inbound_tld_block

If it’s not already enabled, enable it here and then save.
Spam emails from .date TLDs are still getting through.

Any ideas where I'm going wrong? Could it be related to these TLDs having a hyphen in the email address?

eg: frapp-go.date, waltz-or.date, belch-in.date etc etc.

In the short term, I've given .date a huge spam score, but I'd rather these get dropped by exim.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
458
113
UK
cPanel Access Level
Root Administrator
You could try
Code:
if $sender_address matches \\.date\$
then fail
endif
Since this uses a regex, I don't think the matches line needs any nested brackets, but you may need to experiment.
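
An added example, not part of the original posts: a Python emulation of the string tests in the two filters above, run on constructed messages, showing that a hyphen in the domain affects neither test and that the first filter inspects headers while the second inspects the envelope sender. Python's `re` stands in for Exim's regex engine, and the function names and sample addresses are assumptions made for illustration.

```python
import re
from email import message_from_string

# The unquoted filter pattern \\.date\$ reaches the regex engine as \.date$ after
# Exim's string expansion; lowercase `matches` and `contains` ignore case.
SENDER_RE = re.compile(r"\.date$", re.IGNORECASE)

def header_rule(raw_message):
    """Header test from the first filter (first_delivery is left out here)."""
    msg = message_from_string(raw_message)
    to_cc = "{}, {}".format(msg.get("To", ""), msg.get("Cc", ""))
    return ".date" in to_cc.lower() or ".date" in msg.get("From", "").lower()

def envelope_rule(sender_address):
    """Envelope test from the second filter ($sender_address)."""
    return bool(SENDER_RE.search(sender_address))

# Constructed samples: (envelope sender, raw message with headers).
SAMPLES = [
    ("bounce@frapp-go.date",
     "From: Deals <news@frapp-go.date>\nTo: user@example.com\n\nbody\n"),
    ("bounce@waltz-or.date",
     "From: Offers <offers@example.net>\nTo: user@example.com\n\nbody\n"),
    ("alice@example.org",
     "From: alice@example.org\nTo: john.dates@example.com\n\nbody\n"),
    ("news@BELCH-IN.DATE",
     "From: news@example.net\nTo: user@example.com\n\nbody\n"),
    ("news@up.dateline.example",
     "From: news@example.net\nTo: user@example.com\n\nbody\n"),
]

def evaluate(samples=SAMPLES):
    """Return (sender, header_rule result, envelope_rule result) per sample."""
    return [(s, header_rule(m), envelope_rule(s)) for s, m in samples]

if __name__ == "__main__":
    for sender, hdr, env in evaluate():
        print(f"{sender:28} header_rule={hdr!s:5} envelope_rule={env}")
```

The second sample has a .date envelope sender but a different From header, so only the envelope test catches it; the third shows the substring test firing on a legitimate recipient whose local part happens to contain ".date".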
 

keat63

I still can't seem to get this working.
I assume that exim is supposed to reject these at handshake?

I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

in /usr/local/cpanel/etc/exim/sysfilter/options/

I have a custom rule named inbound_tld_block, which is enabled in exim config.
The rule contains the following


if $sender_address matches \\.date\$
then fail
endif


Any tips where I'm going wrong?
 

rpvw

Did you rebuild the exim configuration?

Just go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
Code:
Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.
Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
Code:
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if $sender_address matches \\.date\$
then fail
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
Hope this helps
 

keat63

If I disable the filter in exim config, save changes, then re-enable and save changes again, I can see this being echoed in the exim restart.
However, I don't see the file being updated in etc.
I have 2 files in there.

/etc/cpanel_exim_system_filter
/etc/cpanel_exim_system_filter_copy

Both having different time stamps, none of which are today's.

I'll take a look in MSFE though.
 

rpvw

Sorry this has taken so long to reply to, but I don't get a lot of messages from .date TLDs, so it took a while to test.

I have to confess that the filter I suggested is NOT stopping the .date TLDs.

According to all the documentation and what I can see in the files, it installed correctly, but just doesn't work - the incoming messages from .date addresses are still getting processed for delivery.

I don't know if there is something wrong with the regex or syntax (I would have expected some warning during exim rebuild or restart if there had been a syntax error)
 

keat63

The message in the exim rebuild would indicate that it's working.

Words along the lines "switching filter, inbound_tld_block to on"

However, /etc/cpanel_exim_system_filter doesn't appear to change.
I guess this is the reason for the filter not working.

Having found where to add the entry in MSFE, I'm hoping this is the end of it.
It would be interesting to learn why the custom filter doesn't work though.
 

rpvw

That was what was strange. As I detailed above, my /etc/cpanel_exim_system_filter reflected the inclusion of the new rule perfectly - it just didn't filter anything :confused:
 

keat63

MSFE is indeed now blocking these, however, I can see them in MSFE front end.
This leads me to believe that exim is accepting them, with MSFE filtering them out.

If I were to concentrate on getting the custom filter working, would this change the results?
I'd much prefer if exim dropped (or failed) them at the time of handshake, and they didn't appear in MSFE front end at all.