CPanel + Exim + User Level Filtering

Nov 18, 2008

whether our webhost has their configuration messed up, or if this is not genuinely possible with cpanel + exim + shared hosting.

Our email server is hosted with the web host, and what we want to do is to not allow certain users to be able to receive (And send) outgoing email to non-local domains e.g. they should only be able send and receive within our hosted domain, .

Now, we've tried doing this using cpanel's user level filters and have setup the following:

If Field To does not contain OR
If Field From does not contain


Fail with message.

We've tested these filters using combinations and they seem to be working as far as we can see on cpanel (it has the filter testing feature)

Now this works for people sending emails into our domain e.g. someone from hotmail tries sending emails to a user, and it bounces back.

But people from inside the domain can send emails to other domains even when they give valid results on the cpanel filter tester.

View 3 Replies


CPanel E-mail :: Notifications When Email Forwarders / User Level And Account Level Filtering Set

Jun 6, 2015

We have noticed an increase in fraud when user emails are hacked and user level filtering are added and then those being used for various frauds.

Hence would like to know if we can have an automated notification created whenever a new forwarded, account level filter or user level filter is set. This will alert the user so he can secure his system.

View 1 Replies View Related

CPanel E-mail :: Filtering - Choosing Whether To Use User Or Account Level

Oct 13, 2014

There's no shortage of explanations of how to set up user and account level filtering but I haven't found anything about how to choose which of the two types to apply in any particular case. I thinking in terms of efficiency for the server and best practise in terms of handling discards, etc. Do they both operate at more or less the same level in the software or does filtering at account level perhaps bypass a whole load of subsequent processing.

I have a simple setup requiring passing one email address and a default account filtered for email addressed ending with a pattern match. Is there a way to return address not known in the later case?

View 2 Replies View Related

CPanel E-mail :: How To Import User Level Filtering List To Account

Sep 22, 2013

So i am finding that the user level filtering options in cpanel are very powerful especially with spammers that user common keywords.

I have a nice list of about 30 filters that i want to reuse, i would like to know if this file gets stored on the hosting account ? if so where?

Can i reuse this list ? and if i create a new hosting account can i ftp this list to a specific directory and it will inherit the filters as well ?

I really do not want to manually typing in all the filters again if at all possible, its just a tedious task.

Finally if the above can be achieved is it possible to include this filter list in a specific directory in the Skeleton directory so that when a new hosting account is setup it will inherit the filters.

View 11 Replies View Related

CPanel E-mail :: Test Failing In User Level Filtering (for Addon Domain)

Jun 9, 2014

I'm having a problem with using the "Test" facility under User Level Filtering (for an addon domain).

No matter what I try, when I use the Test button after setting up a filter, all I seem to get is the following:

(NB, substitutions made for real domain/server names etc)

>>>> ESMTP #3 Mon, 09 Jun 2014 10:54:21 -0500
>>>> 220-We do not authorize the use of this system to transport unsolicited,
>>>> 220 and/or bulk e-mail.
<<<< HELO
>>>> 250 Hello localhost []
>>>> 250 OK

[Code] ....

The actual filter seems to work in real life, it's just the test that doesn't!

I have copied a full text version of one of the emails that does forward (including the headers) which does obviously contain the search phrase, but still no joy.

I have tried various To/From contains/is variants but it seems the feature is broken. My well known hosting supplier have tested it at various terminals at their end and get the same failure and say it's a cPanel problem but I can't find anything recent mentions about similar issues, just stuff from about 2008.

The exact filter format I'm currently using is:
(it works in real life but not in cPanel test mode)

"Any Header" "Contains" ""
Redirect to ""

Just a thought, could this have anything to do with removing addon domain subdomain references in Advanced DNS Zone Editor that I also used a different naming structure on when creating the addon domains?

View 2 Replies View Related

CPanel E-mail :: Spam Bypassing Account Level And User-level Filters

Jul 30, 2014

Two separate situations, same type of problem:

Issue #1: account-level and user-level both have a filter to Discard messages with a From field ending with .eu.
Result: some get through. Examples:

2014-07-30 07:18:31 1XCUi4-0002VC-Dx H=( []:57772 Warning: "SpamAssassin as benchmar detected message as NOT spam (0.8)"
2014-07-30 07:18:31 1XCUi4-0002VC-Dx H=( []:57772 Warning: Message has been scanned: no virus or other harmful content was found

[Code] ....

Example of a filtered email:

2014-07-30 10:03:00 1XCXHB-0006ER-Gu H=( []:47442 Warning: "SpamAssassin as benchmar detected message as spam (1.6)"
2014-07-30 10:03:00 1XCXHB-0006ER-Gu H=( []:47442 Warning: Message has been scanned: no virus or other harmful content was found

[Code] ....

Note: we have a spam bar discard filter for anything with one + in it, so I think it is matching that filter and not the .eu, as indicated by the difference in spam score between the first two and this filtered message.

I may have just realized the issue: do I need to escape the period? It should work either way... Right now it is "From ends with" and ".eu" in the text box.

Issue #2: messages bypassing account-level filters when sent to a forwarder address.

If you have a user-level or account level filter and a forwarder to the address with filters on it, messages will not be filtered.

View 5 Replies View Related

CPanel E-mail :: Account Level Filtering Does Not Work

Jul 6, 2015

I tried many times to deal with Account level filtering and search for this feature but I cannot found anything ....

I want to prevent my user from sending email outside. I just allow my sends email to my two specified domains like and

I've tried this:

From equals and
Any recipients does not contains
Action: Discard the message

But fail. I'm working with Cpanel X (X3).

View 6 Replies View Related

CPanel E-mail :: Account Level Filtering Not Reliable

Oct 4, 2014

I am, for some reason, receiving over 100 spam emails per day. I have done everything I can to stop, them, but they just continue to show up. SpamAssasin doesn't seem to catch them, even with the score set as low as 2, so I have resorted to making my own rules in Account Level Filtering in hopes of not having to deal with this BS anymore.

Unfortunately, it seems there is some sort of issue with Account Level Filtering as far as a limitation on how many rules you can have, even if you have multiple filters. I have tried to test my rules by emailing myself and the emails come right through...also, I have tried using the Filter Test area, and after the test I can see in the log where it is checking, for example, the word "Viagra" and doesn't catch it.

I'm losing my mind with the amount of spam I'm receiving, so I need to do something to combat it. I tried to post images of all of my filters to see if there was an error somewhere, but theres no upload button on the image picker...

View 1 Replies View Related

CPanel E-mail :: Regex On Account Level Filtering Not Working

Nov 27, 2013

We receive a lot of annoying emails from a conference company that always change their name, subject and email address using free email services (,,, etc).The only text that always repeat on the message's body is:

Tels (33) 3121 1350 con 10 LĂ­neas / Lada Nacional Sin Costo : 01800 8417770
Para desuscribir su correo ...

I created the next rule on the Account Level Filtering section to delete these messages (.cpanel/filter.yaml):

action: save
dest: /dev/null
enabled: 1
filtername: Cursos Avanzado


But we still receive more than 50 messages daily with this text in every of our 54 email accounts.

View 3 Replies View Related

CPanel E-mail :: Account Level Filtering Regex Error

Oct 15, 2014

I'm trying to make easier to control my filters in 'Account Level Filtering' using regex. I have a list of domains about 1500 entries divided by groups.

instead of have 'group 1' insert 200 domains one by one.

I want the make one rule with regex.

The problem is when i tried to insert this regex.


i get an error.

if i try put less filters like 20 it works, but i have way more then 20

View 3 Replies View Related

CPanel E-mail :: Account Level Filtering Suddenly Stopped Working

Nov 20, 2014

So i've been into this problem for 2 weeks so far without a solution, i cant really submit a ticket since im just a customer of a hosting company so im not the owner of cpanel software.

My current settings for spamassassin (3.3.2) are:

Spam auto delete Enabled
Messages with a spam score of 7 or higher will be deleted
Spambox is enabled
Min required score to consider an email spam -> 3

And the account level filtering rule says "Spam bar contains +++++++ (7) -> Discard message"

All of this was working but suddenly, a lot of email with score of 7+ started to make it to the spambox instead of getting deleted. It is not just for one email account but for many and nobody really knows whats going on, ive even deleted and created 3 times already the same rule but problem persist.

These are some headers which confirm Spamassassin is at least working fine by marking or not email as spam

X-Spam-Flag: YES
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.2 required=3.0 tests=BAYES_99,BAYES_999,
shortcircuit=no autolearn=spam version=3.3.2


View 8 Replies View Related

CPanel E-mail :: Account Level Filtering Blocks Valid Emails?

May 8, 2015

I have set up many rules under account level filtering. One of the rules that I set up consists of all the email addresses for my contacts and it says to stop processing rules if sender equals the email address for the contact. The rest of my rules follow and everything containing known buzz words for scam artist spammers is included and messages are blocked and returned with fail back to sender. Thinking that the first rule will preempt any of my contacts from being blocked, I thought everything would be fine.

But things don't seem to work out that way. When any sender (even the ones in my contact list covered by the rule to stop processing any rules) sends me an email with the subject "sex", they get a fail notice and the email is not delivered. why my "white list" rule which basically says if sender equals "", then stop processing rules does not work when the sender from sends out an email with the subject of "sex"?

View 3 Replies View Related

CPanel E-mail :: Any Way To Delete Default User-level Filter Of User Account

Jan 12, 2015

Is there any way to setup a default userl-level filter that gets created when an email account is created? If the filter is unwanted the user could then delete it.

View 1 Replies View Related

CPanel E-mail :: Can Convert Account Level Filter To User Level Filter

Feb 8, 2015

I've been creating Account level filters, but now realize I would be better served to move to User level filtering.Is there a way to convert my current Account level filter to User level? This would save much time as I have lots of filters that would otherwise have to be manually and laboriously recreated. I'm using cPanel Version 11.48.0 (build 9), if that makes a difference.

View 3 Replies View Related

Exim Filtering Options In Cpanel

Sep 11, 2008

more specific filtering options in cpanel exactly:

if header from contains 'example' and also header from contains 'example2' then discard

in cpanel it just has one word or phrase i need the filter to check for 2 words in any order in the from field

View 1 Replies View Related

Exim Filtering

May 29, 2007

I would like to filter some special mails of mine through an external PHP script. Is this possible? I would like to call the php file everytime a mail arrives, and the php file will make changes to that mail text and save in inbox.

My PHP file is ready but i need to make this work in Exim.

View 0 Replies View Related

Exim Filtering Jpg Attachments

Apr 6, 2007

Exim logs:

2007-04-05 15:07:45 1HZYFE-0003DC-Rr <= H=( []:42573 I=[]:25 P=esmtp S=9925 id=000801c777be$11815a50$34840ef0$@com T="test" from <> for
2007-04-05 15:07:45 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1HZYFE-0003DC-Rr
2007-04-05 15:07:45 1HZYFE-0003DC-Rr => discarded (system filter)
2007-04-05 15:07:45 1HZYFE-0003DC-Rr Completed QT=1s

This only happens when a 4kb jpeg/jpg attachment is sent. Not sure where its getting caught.

My antivirus.exim file attached

I searched for "jpg" and "jpeg" in that file, nothing showed up.

# Exim filter
## Version: 0.17
#$Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $

## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <>
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## GNU General Public License for more details.
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
## -A copy of the GNU General Public License is distributed with exim itself

## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
# we express this in reverse so we can just bail out
# on inappropriate messages
if not first_delivery

## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# [url]
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
fail text "This message has been rejected because it has

an overlength date field which can be used

to subvert Microsoft mail programs

The following URL has further information
seen finish

## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures. Other bounces are allowed through.
if $header_from: contains ""
fail text "This message has been rejected since it has

the signature of a known virus in the header."
seen finish
if error_message and $header_from: contains "Mailer-Daemon@"
# looks like a real error message - just ignore it

## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")"
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
fail text "This message has been rejected because it has

potentially executable content $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish

## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]"
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]"
fail text "This message has been rejected because it has

a potentially executable attachment $1

This form of attachment has been used by

recent viruses or other malware.

If you meant to send this file then please

package it up as a zip file and resend it."
seen finish
## -----------------------------------------------------------------------

#### Version history
# 0.01 5 May 2000
#Initial release
# 0.02 8 May 2000
#Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#Check global content-type header. Efficiency mods to REs
# 0.05 9 May 2000
#More minor efficiency mods, doc changes
# 0.06 20 June 2000
#Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#Latest MS Outhouse bug catching
# 0.08 19 July 2000
#Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#Removed exclusion for error messages - this is a little nasty
#since it has other side effects, hence we do still exclude
#on unix like error messages
# 0.11 20 March, 2001
#Added CMD extension, tidied docs slightly, added RCS tag
#** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#Added HTA extension
# 0.13 22 May, 2001
#Reformatted regexps and code to build them so that they are
#shorter than the limits on pre exim 3.20 filters. This will
#make them significantly less efficient, but I am getting so
#many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#Added .lnk extension - most requested item :-)
#Reformatted everything so its now built from a set of short
#library files, cutting down on manual duplication.
#Changed w in filename detection to . - dodges locale problems
#Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#Changed the . in filename detect to S (stops it going mad)
# 0.16 19 September, 2001
#Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#Syntax fix

View 0 Replies View Related

Exim/Cpanel No Such User Here

Jun 25, 2008

I'm having an issue with email generated from a website contact form. The email is being sent from the website via php. The issue is that the email address that it is being sent to is a domain/website that is also on cpanel. It is trying to deliver it to a local account, but the email is acutally on a third party system outside of cpanel. Does anyone know anyway for exim to not try and deliver locally?

View 4 Replies View Related

CPanel E-mail :: Exim Freeze Mails From User?

Sep 6, 2014

how to freeze all queued mails from cpanel user "hfsbuikw" ? or delete them directly (from whm or from command line easilly)

i already know how to freeze mails from some sender:

Code : exiqgrep -i -f luser@example.tld | xargs exim -Mf

but the sender&recipient is random, so its not solution. mail number is too high to go thru the queue in whm

View 1 Replies View Related

CPanel E-mail :: Exim Moving Received Email From Specific User For Junk

Apr 10, 2015

For exemplify my problem i will call my client 'domain' and your domain ''.

My problem:

The account 'domain' have a domain called '' with the following users:

When send an e-mail to ( specifically this e-mails ) when recived from '' the exim or another software move the message to .Junk folder in the mail dir and if .Junk folder don't exists she is created.

This problem ocurre only for this users and only when send an e-mail to

The user '' haven't any filter and SpamAssassin is disabled.

Detail: yesterday (04.09.15) I tried removing and create the account again. In the early work, but today (10.04.15) the problem happened again.

Other detail: in exim_mainlog the massage as succefull senteded to te Inbox folder (/home/domain/mail/

View 1 Replies View Related

Difference Between Level 1, Level 2 And Level 3 Tech Support

Oct 10, 2009

Is there any preset criteria for it like Level 1 includes a, b & c, Level 2 includes d, e & f and level includes x, y & z?

I know the difference in General but, I wanted a specific answer.

View 14 Replies View Related

CPanel E-mail :: How To Check Culprit User(s) In Huge Exim Mail Queue

Apr 11, 2014

how to check what user(s) are taking up the 700k+ (yes, 700,000+) emails in the exim queue? Either a command via ssh or using ConfigServer Mail Queues plugin?

View 4 Replies View Related

Exim: User Unknown (domain Forward)

Dec 3, 2007

One of my clients has 2 accounts:

-, with a mail account
-, with domain forwarding to

Sending an email message to works.

Sending an email message to doesn't work. When using the ZoneEdit SMTP test utility I get the following error message:

> RCPT TO:<>
< 550 5.1.1 User unknown:
I checked "/etc/vdomainaliases/" and "/etc/localdomains", they are configured properly.

Any suggestions?

View 0 Replies View Related

Exim :: Catch The User Sending Spam With Mailnull?

May 28, 2009

i have a vps but there is too much process called mailnull
after that the data centre closed my server for being sent spam

so how i can catch the user sending spam with mailnull?

View 7 Replies View Related

Exim Sda7: Write Failed, User Block Limit Reached

May 23, 2009

i have run exim -qff from SSH then i got below error let me know what to do

root@web [~]# exim -qff
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.

View 4 Replies View Related

Email Filtering - Cpanel

Apr 25, 2008

My provider is using mailfoundry for spam filtering.. but I used IMAP (stored on server) for email.. my problem is that I'm also using a catch-all address and I make up random email names for sites I go to, to check for spam on the incoming side..

I setup filters in Cpanel to remove the selected spam or emails I don't wish to recieve.. but they don't seem to remove themselves.. it could just be a setup problem or it could be the mailfoundry.. not sure..

Here's the settings I have in cpanel (I just altered the name) is this the right setting.. or does it go elsewhere?

View 0 Replies View Related

Hosted Third-party Spam Filtering For CPanel

Oct 3, 2007

Can anyone recommend a hosted third-party spam filtering service for cPanel servers?

Most of the servers are reseller based, and I don't see myself or my team having to enter each individual email address into the service.

With that said, is there any service where you can just point the MX records to it, it would scan the email, and then deliver it?

View 2 Replies View Related

CPanel E-mail :: Spam Bar Filtering Disabled?

Jun 11, 2014

From the cPanel page for the main user account I can add user-level filtering based on the Spam Bar. However, when the user logs in to webmail and selects "Email Filtering" and then to "Create a new Filter", the drop down menu options for "Spam Status", "Spam Bar" and "Spam Score" are disabled. They are only able to add filters for From, Subject, To, etc.

Why are the "Spam Status", "Spam Bar" and "Spam Score" options disabled for users to add? I know Spamassassin activating these options are enabled, but I dont want to use Spamassassin.

View 3 Replies View Related

CPanel E-mail :: DKIM Signing Without Filtering

Apr 21, 2015

For a website account I want to have the smtp server sign outgoing mail with DKIM, but I don't not want the server to filter incoming messages. Is it possible with cPanel?

If I look under "Email Authentication" in cPanel it says "DKIM allows your server to verify incoming email and prevent incoming spam messages. This feature ensures that incoming messages are unmodified and are genuinely from the indicated sender." This would seem to indicate that this function enables the filtering of incoming messages, that I do not want.

But if I try to enable the function it checks if the server is authoritative and shows a dns record to configure, which would indicate that this is the signing, that I do want (there would be no need to set up a new dns record, if I was just doing filtering). So is this function ("DKIM" under "Email Authentication") controlling filtering (so the text is simply wrong) or signing? or both (and if so, are there any way of only enabling one of them)?

View 6 Replies View Related

CPanel E-mail :: Filtering Logic When Using Multiple AND And Single OR

Jan 5, 2015

I have read URL... and specifically: "cPanel will always process the "and" operator before the "or" operator" and the example.

Can I infer from this that 'A and B or C and D and E or F' would become: (A and B) or (C and D and E) or F ? Is that also generally true - i.e. all ORs are "top level" - i.e. any true condition between them will give true overall with all the ANDs honoured?

Spotted that:
*does* match when used with Match Regex 'Any recipient' but *fails* when used in Match Regex 'From'

View 1 Replies View Related

CPanel E-mail :: Account And Email Filtering Not Working

Aug 4, 2014

Any reason filtering won't be working? I noticed on one of our servers when we create a rule to say discard a message the filtering does not work. Quite strange. I did the same thing on a another cpanel server which works fine. =Where to start looking?

View 1 Replies View Related

Copyrights 2005-15, All rights reserved