trying to block tld with exim custom filter

I created a custom filter in /usr/local/cpanel/etc/exim/sysfilter/options/ to block .date TLD's, but can't get it to work.

Code:

if first_delivery
and ("$h_to:, $h_cc:" contains ".date")
or ("$h_from:" contains ".date")
then
seen finish
endif
Now go into WHM -> Exim Configuration Manager -> Basic Editor -> Filters, and you should see the new filter listed:

** Custom Filter: inbound_tld_block

If it’s not already enabled, enable it here and then save.

spam emails from .date TLD's are still getting through.

Any ideas where I'm going wrong, could it be related to these tld's having a hyphen in the email address ?

eg: frapp-go.date, waltz-or.date, belch-in.date etc etc.

In the short term, i've given .data a huge spam score, but i'd rather these get dropped by exim.

 

I created a new rule following instructions in this thread.

Block incoming emails from domain

I'll see what happens from here.

 

i'll give that a try and see what happens.

 

I still can't seem to get this working.
I assume that exim is supposed to reject these at handshake ?

I'm still seeing them in mailscanner front end, although I gave the tld a huge spam score, so not seeing them in the mailbox.

in /usr/local/cpanel/etc/exim/sysfilter/options/

I have a custom rule named inbound_tld_block, which is enabled in exim config.
The rule contains the following

if $sender_address matches \\.date\$
then fail
endif


any tips where i'm going wrong

 

If I disable the filter in exim config, save changes, then re-enable and save changes again, I can see this being echo'd in the the exim retstart.
However, i don't see the file being updated in etc.
I have 2 files in there.

/etc/cpanel_exim_system_filter
/etc/cpanel_exim_system_filter_copy

both having diffrent time stamps, none of which are todays.

I'll take a look in MSFE though.

 

The message in the exim rebuild would indicate that it's working.

Words along the lines "switching filter, inbound_tld_block to on"

However, /etc/cpanel_exim_system_filter doesn't appear to change.
I guess this is the reason for the filter not working.

Having found where to add the entry in MSFE, i'm hoping this is the end of it.
It would be interesting to learn why the custom filter doesn't work though.

 

MSFE is indeed now blocking these, however, I can see them in MSFE front end.
This leads me to believe that exim is accepting them, with MSFE filtering them out.

If I were to concentrate on getting the custom filter working, would this change the results.
I'd much prefer if exim dropped (or failed) them at the time of handshake, and they didn't appear in MSFE front end at all.

 

if this is the case, then I might as well let MSFE take care of them.