Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

trying to block tld with exim custom filter

Discussion in 'E-mail Discussion' started by keat63, Mar 20, 2018.

Tags:
  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I created a custom filter in /usr/local/cpanel/etc/exim/sysfilter/options/ to block .date TLD's, but can't get it to work.

    Code:
    if first_delivery
    and ("$h_to:, $h_cc:" contains ".date")
    or ("$h_from:" contains ".date")
    then
    seen finish
    endif
    Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:
    
    ** Custom Filter: inbound_tld_block
    
    If it’s not already enabled, enable it here and then save.
    spam emails from .date TLD's are still getting through.

    Any ideas where I'm going wrong, could it be related to these tld's having a hyphen in the email address ?

    eg: frapp-go.date, waltz-or.date, belch-in.date etc etc.

    In the short term, i've given .data a huge spam score, but i'd rather these get dropped by exim.
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
  3. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    839
    Likes Received:
    302
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    You could try
    Code:
    if $sender_address matches \\.date\$
    then fail
    endif
    Since this uses a regex, I don't think the matches line needs any nested brackets, but you may need to to experiment.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    i'll give that a try and see what happens.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,806
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I still can't seem to get this working.
    I assume that exim is supposed to reject these at handshake ?

    I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

    in /usr/local/cpanel/etc/exim/sysfilter/options/

    I have a custom rule named inbound_tld_block, which is enabled in exim config.
    The rule contains the following


    if $sender_address matches \\.date\$
    then fail
    endif


    any tips where i'm going wrong
     
  7. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    839
    Likes Received:
    302
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Did you rebuild the exim configuration ?

    Just go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....
    Code:
    Your changes have been saved.
    
    Restarting cPanel daemons...done.
    
    Updating your system to reflect any changes...
    Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.
    
    Done.
    Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.
    and you will see in the newly generated /etc/cpanel_exim_system_filter file the following
    Code:
    # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    # (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
    # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
    if $sender_address matches \\.date\$
    then fail
    endif
    # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
    
    Hope this helps
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,479
    Likes Received:
    421
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's an easier way (with MSFE).
    WebHost Manager »Plugins »ConfigServer MailScanner Front-End »Front-End Settings »Server Spam Blacklist, add this:
    Code:
    *@*.date
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    If I disable the filter in exim config, save changes, then re-enable and save changes again, I can see this being echo'd in the the exim retstart.
    However, i don't see the file being updated in etc.
    I have 2 files in there.

    /etc/cpanel_exim_system_filter
    /etc/cpanel_exim_system_filter_copy

    both having diffrent time stamps, none of which are todays.

    I'll take a look in MSFE though.
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    839
    Likes Received:
    302
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Sorry this has taken so long to reply to, but I don't get a lot of messages from .date tld's, so it took a while to test.

    I have to confess that the filter I suggested is NOT stopping the .date TLD's

    According to all the documentation and what I can see in the files, it installed correctly, but just doesn't work - the incoming messages from .date addresses are still getting processed for delivery.

    I don't know if there is something wrong with the regex or syntax (I would have expected some warning during exim rebuild or restart if there had been a syntax error)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    The message in the exim rebuild would indicate that it's working.

    Words along the lines "switching filter, inbound_tld_block to on"

    However, /etc/cpanel_exim_system_filter doesn't appear to change.
    I guess this is the reason for the filter not working.

    Having found where to add the entry in MSFE, i'm hoping this is the end of it.
    It would be interesting to learn why the custom filter doesn't work though.
     
  12. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    839
    Likes Received:
    302
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    That was what was strange. As I detailed above, my /etc/cpanel_exim_system_filter reflected the inclusion of the new rule perfectly - it just didn't filter anything :confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,806
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Ensure to read through the following post to verify you are not facing the issue referenced there:

    Exim custom filter not working

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    MSFE is indeed now blocking these, however, I can see them in MSFE front end.
    This leads me to believe that exim is accepting them, with MSFE filtering them out.

    If I were to concentrate on getting the custom filter working, would this change the results.
    I'd much prefer if exim dropped (or failed) them at the time of handshake, and they didn't appear in MSFE front end at all.
     
  15. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    90
    Likes Received:
    3
    Trophy Points:
    158
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    AFAIK, the Exim filter works after the email is accepted and being processed. So the email will be dropped but it will be accepted from the sender.
     
  16. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,017
    Likes Received:
    45
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    if this is the case, then I might as well let MSFE take care of them.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice