trying to block tld with exim custom filter

[keat63]

I created a custom filter in /usr/local/cpanel/etc/exim/sysfilter/options/ to block .date TLD's, but can't get it to work.

if first_delivery
and ("$h_to:, $h_cc:" contains ".date")
or ("$h_from:" contains ".date")
then
seen finish
endif
Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:

** Custom Filter: inbound_tld_block

If it’s not already enabled, enable it here and then save.

spam emails from .date TLD's are still getting through.

Any ideas where I'm going wrong, could it be related to these tld's having a hyphen in the email address ?

eg: frapp-go.date, waltz-or.date, belch-in.date etc etc.

In the short term, i've given .data a huge spam score, but i'd rather these get dropped by exim.

 

[keat63]

I created a new rule following instructions in this thread.

Block incoming emails from domain

I'll see what happens from here.

 

[rpvw]

You could try

if $sender_address matches \\.date\$
then fail
endif

Since this uses a regex, I don't think the matches line needs any nested brackets, but you may need to to experiment.

 

[keat63]

i'll give that a try and see what happens.

 

[cPanelMichael]

Hello,

You may also want to verify you are not running into the issue discussed on the following post:

Exim custom filter not working

Thank you.

 

[keat63]

I still can't seem to get this working.
I assume that exim is supposed to reject these at handshake ?

I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

in /usr/local/cpanel/etc/exim/sysfilter/options/

I have a custom rule named inbound_tld_block, which is enabled in exim config.
The rule contains the following

if $sender_address matches \\.date\$
then fail
endif


any tips where i'm going wrong

 

[rpvw]

Did you rebuild the exim configuration ?

Just go to WHM > Service Configuration > Exim Configuration Manager (Basic Editor) and click Save at the bottom of the page - you should get something like.....

Your changes have been saved.

Restarting cPanel daemons...done.

Updating your system to reflect any changes...
Creating new setting for “filter_inbound_tld_block” of “On”. “filter_inbound_tld_block” was updated.

Done.
Your configuration changes have been saved! Waiting for “exim” to restart ………waiting for “exim” to initialize ………finished.

and you will see in the newly generated /etc/cpanel_exim_system_filter file the following

# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
if $sender_address matches \\.date\$
then fail
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/inbound_tld_block

Hope this helps

 

[Infopro]

I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

There's an easier way (with MSFE).
WebHost Manager »Plugins »ConfigServer MailScanner Front-End »Front-End Settings »Server Spam Blacklist, add this:

*@*.date

 

[keat63]

If I disable the filter in exim config, save changes, then re-enable and save changes again, I can see this being echo'd in the the exim retstart.
However, i don't see the file being updated in etc.
I have 2 files in there.

/etc/cpanel_exim_system_filter
/etc/cpanel_exim_system_filter_copy

both having diffrent time stamps, none of which are todays.

I'll take a look in MSFE though.

 

[rpvw]

Sorry this has taken so long to reply to, but I don't get a lot of messages from .date tld's, so it took a while to test.

I have to confess that the filter I suggested is NOT stopping the .date TLD's

According to all the documentation and what I can see in the files, it installed correctly, but just doesn't work - the incoming messages from .date addresses are still getting processed for delivery.

I don't know if there is something wrong with the regex or syntax (I would have expected some warning during exim rebuild or restart if there had been a syntax error)

 

[keat63]

The message in the exim rebuild would indicate that it's working.

Words along the lines "switching filter, inbound_tld_block to on"

However, /etc/cpanel_exim_system_filter doesn't appear to change.
I guess this is the reason for the filter not working.

Having found where to add the entry in MSFE, i'm hoping this is the end of it.
It would be interesting to learn why the custom filter doesn't work though.

 

[rpvw]

That was what was strange. As I detailed above, my /etc/cpanel_exim_system_filter reflected the inclusion of the new rule perfectly - it just didn't filter anything

 

[cPanelMichael]

That was what was strange. As I detailed above, my /etc/cpanel_exim_system_filter reflected the inclusion of the new rule perfectly - it just didn't filter anything

Hello,

Ensure to read through the following post to verify you are not facing the issue referenced there:

Exim custom filter not working

Thank you.

 

[keat63]

MSFE is indeed now blocking these, however, I can see them in MSFE front end.
This leads me to believe that exim is accepting them, with MSFE filtering them out.

If I were to concentrate on getting the custom filter working, would this change the results.
I'd much prefer if exim dropped (or failed) them at the time of handshake, and they didn't appear in MSFE front end at all.

 

[ebizindia]

AFAIK, the Exim filter works after the email is accepted and being processed. So the email will be dropped but it will be accepted from the sender.

 

[keat63]

if this is the case, then I might as well let MSFE take care of them.