Mail Filters not working as expected
A few months back, I set up filters to deal with some particularly persistent SEO/web dev spammers & their useless hosting provider who continue to allow it, even after being sent literally hundreds of abuse complaints. I set up a filter in cPanel for any message where the from address contained one of the spammers' domain names, and set up the actions as follows:
Redirect to EMail (the abuse reporting address for the negligent hosting provider)
Deliver to Folder
Fail With Message
I realize it would be easier to just blacklist the spammer's IP range or domain names, but I still want to receive copies of the messages so that I can report them via SpamCop & train SpamAssassin on them. The redirect action is to automate the reporting of the messages (and I admit I enjoy the idea of the spammers unwittingly spamming their own hosting provider), the deliver to folder action is so I can keep a copy of the message, and the "Fail With Message" action is because I have noticed that a large volume of bounces is one of the few things that will motivate negligent providers to clamp down on spammers they host.
Until recently, this has been working as intended; the messages would be filtered into the folder I had specified - but about a month ago I had to move the relevant hosting account to a different server, and since then (having made no other changes) the filter fails to work as intended. I've tried viewing the raw headers of one of the messages that should be filtered & copy-pasting them into the "Filter Test" box in cPanel; it indicates that it should work - I get the "The Filter has matched the following condition(s):" output - but in practice, it still doesn't appear to be doing anything.
Given the circumstances (the filter stopped working despite having made no changes to it), this would seem to be another cPanel glitch/regression. Please advise when this will be fixed.
I'm hesitant to claim this is a glitch or regression without further information. What is the output of the transaction which should be filtered in the exim logs? You can find them at /var/log/exim_mainlog
I'm hesitant to claim this is a glitch or regression without further information. What is the output of the transaction which should be filtered in the exim logs? You can find them at /var/log/exim_mainlog
It's not a definitive or even terribly strong indication (more correlation than cause), granted, but I don't really have any other indications to go on. Regarding the logs, there IS record of the message having been filtered in the log, but by a different filter. For context, I should add that there is also a global filter in the same hosting account that moves messages into a spam@ account if their SpamAssassin score is above a certain threshold (filtering on the X-Spam-Bar header) - and the filter which isn't working is an account-level filter, specific to the spam@ account. I did it that way so that the redirect-bounce-move filter would only apply to messages that were already identified as spam, on the off chance of receiving any legitimate EMail from the spammy server. Anywho, here are the results I get when I grep exim_mainlog for the message's ID:

2019-07-25 07:32:55 1hqbzQ-0004or-PX => spam ("spam+_FILTERED"@DOMAIN.com, "spam"@DOMAIN.com, "spam"@DOMAIN.com) SRS= R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 KBwEA2eTOV24QgAA8hy8Hg Saved"

I've munged the domain name & the recipient's username, but those are the only changes.