more specific filtering options in cpanel exactly:
if header from contains 'example' and also header from contains 'example2' then discard
in cpanel it just has one word or phrase i need the filter to check for 2 words in any order in the from field
whether our webhost has their configuration messed up, or if this is not genuinely possible with cpanel + exim + shared hosting.
Our email server is hosted with the web host, and what we want to do is to not allow certain users to be able to receive (And send) outgoing email to non-local domains e.g. they should only be able send and receive within our hosted domain, @mydomain.com .
Now, we've tried doing this using cpanel's user level filters and have setup the following:
Rules:
If Field To does not contain @mydomain.com OR
If Field From does not contain @mydomain.com
Action:
Fail with message.
We've tested these filters using combinations and they seem to be working as far as we can see on cpanel (it has the filter testing feature)
Now this works for people sending emails into our domain e.g. someone from hotmail tries sending emails to a user, and it bounces back.
But people from inside the domain can send emails to other domains even when they give valid results on the cpanel filter tester.
I would like to filter some special mails of mine through an external PHP script. Is this possible? I would like to call the php file everytime a mail arrives, and the php file will make changes to that mail text and save in inbox.
My PHP file is ready but i need to make this work in Exim.
Exim logs:
2007-04-05 15:07:45 1HZYFE-0003DC-Rr <= sales@mydomain.com H=(mta2.srv.hcvlny.cv.net) [167.206.4.197]:42573 I=[xxx.xxx.122.208]:25 P=esmtp S=9925 id=000801c777be$11815a50$34840ef0$@com T="test" from <sales@mydomain.com> for marco@customer.ca maria@customer.ca
2007-04-05 15:07:45 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1HZYFE-0003DC-Rr
2007-04-05 15:07:45 1HZYFE-0003DC-Rr => discarded (system filter)
2007-04-05 15:07:45 1HZYFE-0003DC-Rr Completed QT=1s
This only happens when a 4kb jpeg/jpg attachment is sent. Not sure where its getting caught.
My antivirus.exim file attached
I searched for "jpg" and "jpeg" in that file, nothing showed up.
Code:
# Exim filter
## Version: 0.17
#$Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $
## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
## -A copy of the GNU General Public License is distributed with exim itself
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
finish
endif
## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# [url]
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
fail text "This message has been rejected because it has
an overlength date field which can be used
to subvert Microsoft mail programs
The following URL has further information
[url]
seen finish
endif
## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures. Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
fail text "This message has been rejected since it has
the signature of a known virus in the header."
seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
# looks like a real error message - just ignore it
finish
endif
## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")"
then
fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]"
then
fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]"
then
fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
#### Version history
#
# 0.01 5 May 2000
#Initial release
# 0.02 8 May 2000
#Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#Check global content-type header. Efficiency mods to REs
# 0.05 9 May 2000
#More minor efficiency mods, doc changes
# 0.06 20 June 2000
#Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#Latest MS Outhouse bug catching
# 0.08 19 July 2000
#Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#Removed exclusion for error messages - this is a little nasty
#since it has other side effects, hence we do still exclude
#on unix like error messages
# 0.11 20 March, 2001
#Added CMD extension, tidied docs slightly, added RCS tag
#** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#Added HTA extension
# 0.13 22 May, 2001
#Reformatted regexps and code to build them so that they are
#shorter than the limits on pre exim 3.20 filters. This will
#make them significantly less efficient, but I am getting so
#many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#Added .lnk extension - most requested item :-)
#Reformatted everything so its now built from a set of short
#library files, cutting down on manual duplication.
#Changed w in filename detection to . - dodges locale problems
#Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#Changed the . in filename detect to S (stops it going mad)
# 0.16 19 September, 2001
#Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#Syntax fix
I've got a dedicated with Centos 4.x, WHM / Cpanel. I have problem when create new account, this is error:
Setting up Mail & Local Domains...localdomains...valiases ...vdomainaliases...vfilters......Done
Configuring DNS...Bind reconfiguring on server using rndc
Error reconfiguring bind on server: rndc: error: /etc/rndc.key:7: 'options' redefined near 'options'
rndc: could not load rndc configuration
My provider is using mailfoundry for spam filtering.. but I used IMAP (stored on server) for email.. my problem is that I'm also using a catch-all address and I make up random email names for sites I go to, to check for spam on the incoming side..
I setup filters in Cpanel to remove the selected spam or emails I don't wish to recieve.. but they don't seem to remove themselves.. it could just be a setup problem or it could be the mailfoundry.. not sure..
Here's the settings I have in cpanel (I just altered the name) is this the right setting.. or does it go elsewhere?
Can anyone recommend a hosted third-party spam filtering service for cPanel servers?
Most of the servers are reseller based, and I don't see myself or my team having to enter each individual email address into the service.
With that said, is there any service where you can just point the MX records to it, it would scan the email, and then deliver it?
How do you get Exim to rewrite/remove
Received: from ip.isp.com ([123.123.123.123])
by mx.myhost.net with esmtpa (Exim 4.69)
I'm trying to avoid the error
Received-SPF: softfail (google.com: domain of transitioning me@myhost.net does not designate 123.123.123.123 as permitted sender) client-ip=123.123.123.123;
Basically, any email thats sent through myhost.net should look like it was sent directly.
I am having issues in receieving emails. For some reason, the rbl lists I had setup are causing the server to reject emails (retry - timeout). So, I need to take this rbl list completely. How can I do that? exim.conf is locked and using the advanced editor is no fun even though I tried it putting the dnslists without the rbl causing the problem.
View 3 Replies View RelatedWhat are some good and reliable RBL for use in Exim on Cpanel? Please provide full urls.
View 5 Replies View RelatedI'm having an issue with email generated from a website contact form. The email is being sent from the website via php. The issue is that the email address that it is being sent to is a domain/website that is also on cpanel. It is trying to deliver it to a local account, but the email is acutally on a third party system outside of cpanel. Does anyone know anyway for exim to not try and deliver locally?
View 4 Replies View RelatedI seem to be experiencing some difficulty adding SPF records via "Edit DNS Zone". When adding these records and checking them with several SPF record checkers, it always reports a record such as the following:
“v=spf1
Which turns out to be invalid, and definitely not the record I had specified. The record I specified looks like the following:
"v=spf1 a mx ip4:XXX.XXX.XXX.XXX ~all"
XXX.XXX.XXX.XXX being a valid IP, of course.
Is there known issues when adding these types of records via WHM?
And to make it clear, I have added these records as TXT type, with and without the quotes.
Wondered if anyone out there would like to share their experience, if any, of setting up cpanel to work with domainkeys via exim.
Hopefully anyone reading this thread will know by now what domainkeys are and how it affects the delivering of email to most major email providers inboxes rather than spam/bulk folders.
antispam.yahoo.com/domainkeys
The domainkeys support for exim is now in the 'experimental' phase:
duncanthrax.net/exim-experimental/
(page allegedly updated on 30th Oct, 06)
However cpanel themselves seem to be dragging their feet a little with implementing it:
bugzilla.cpanel.net/show_bug.cgi?id=4099
This is understandable considering support for domainkeys is not yet part of the main exim core code, and thus is likely to change. From what I've been reading elsewhere, re-compiling and upgrading exim is not advisable with cpanel.
My knowledge of exim (and cpanel TBH) is limited however, and I was wondering what might be the implications of *ahem* hacking it a little in order to enable domainkeys.
SPF records alone just don't seem to cut it anymore.