Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

trying to block tld with exim custom filter

Discussion in 'E-mail Discussions' started by keat63, Mar 20, 2018.

Tags:
  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I created a custom filter in /usr/local/cpanel/etc/exim/sysfilter/options/ to block .date TLD's, but can't get it to work.

    Code:
    if first_delivery
    and ("$h_to:, $h_cc:" contains ".date")
    or ("$h_from:" contains ".date")
    then
    seen finish
    endif
    Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:
    
    ** Custom Filter: inbound_tld_block
    
    If it’s not already enabled, enable it here and then save.
    spam emails from .date TLD's are still getting through.

    Any ideas where I'm going wrong, could it be related to these tld's having a hyphen in the email address ?

    eg: frapp-go.date, waltz-or.date, belch-in.date etc etc.

    In the short term, i've given .data a huge spam score, but i'd rather these get dropped by exim.
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
  3. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    You could try
    Code:
    if $sender_address matches \\.date\$
    then fail
    endif
    Since this uses a regex, I don't think the matches line needs any nested brackets, but you may need to to experiment.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    i'll give that a try and see what happens.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I still can't seem to get this working.
    I assume that exim is supposed to reject these at handshake ?

    I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

    in /usr/local/cpanel/etc/exim/sysfilter/options/

    I have a custom rule named inbound_tld_block, which is enabled in exim config.
    The rule contains the following


    if $sender_address matches \\.date\$
    then fail
    endif


    any tips where i'm going wrong
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Did you rebuild the exim configuration ?

    Just go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
    Code:
    Your changes have been saved.
    
    Restarting cPanel daemons...done.
    
    Updating your system to reflect any changes...
    Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.
    
    Done.
    Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
    and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
    Code:
    # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    # (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
    # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
    if $sender_address matches \\.date\$
    then fail
    endif
    # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    
    Hope this helps
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,066
    Likes Received:
    348
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's an easier way (with MSFE).
    WebHost Manager »Plugins »ConfigServer MailScanner Front-End »Front-End Settings »Server Spam Blacklist, add this:
    Code:
    *@*.date
     
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    If I disable the filter in exim config, save changes, then re-enable and save changes again, I can see this being echo'd in the the exim retstart.
    However, i don't see the file being updated in etc.
    I have 2 files in there.

    /etc/cpanel_exim_system_filter
    /etc/cpanel_exim_system_filter_copy

    both having diffrent time stamps, none of which are todays.

    I'll take a look in MSFE though.
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Sorry this has taken so long to reply to, but I don't get a lot of messages from .date tld's, so it took a while to test.

    I have to confess that the filter I suggested is NOT stopping the .date TLD's

    According to all the documentation and what I can see in the files, it installed correctly, but just doesn't work - the incoming messages from .date addresses are still getting processed for delivery.

    I don't know if there is something wrong with the regex or syntax (I would have expected some warning during exim rebuild or restart if there had been a syntax error)
     
  11. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    The message in the exim rebuild would indicate that it's working.

    Words along the lines "switching filter, inbound_tld_block to on"

    However, /etc/cpanel_exim_system_filter doesn't appear to change.
    I guess this is the reason for the filter not working.

    Having found where to add the entry in MSFE, i'm hoping this is the end of it.
    It would be interesting to learn why the custom filter doesn't work though.
     
  12. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    That was what was strange. As I detailed above, my /etc/cpanel_exim_system_filter reflected the inclusion of the new rule perfectly - it just didn't filter anything :confused:
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Ensure to read through the following post to verify you are not facing the issue referenced there:

    Exim custom filter not working

    Thank you.
     
  14. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    MSFE is indeed now blocking these, however, I can see them in MSFE front end.
    This leads me to believe that exim is accepting them, with MSFE filtering them out.

    If I were to concentrate on getting the custom filter working, would this change the results.
    I'd much prefer if exim dropped (or failed) them at the time of handshake, and they didn't appear in MSFE front end at all.
     
  15. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    83
    Likes Received:
    3
    Trophy Points:
    158
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    AFAIK, the Exim filter works after the email is accepted and being processed. So the email will be dropped but it will be accepted from the sender.
     
  16. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    933
    Likes Received:
    32
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    if this is the case, then I might as well let MSFE take care of them.
     
Loading...

Share This Page