EXIM custom filter to block email address in name field?
Hi all, do you know any rule to mark as spam the messages that have an email address in the name field?
From: "Name "
The email comes from spammer@email.com but shows company@email.com as the sender, so the recipient might think it is a trusted email. Thanks! Equens.
Is it always the same sender? If so, then a global filter in cPanel should do this: If Any Header Contains spammer@email.com, then discard email.
Hello Keat63, thanks for your help. It's not the same sender; I would like to create a rule across all servers to stop these emails.
Could you maybe post a snippet of the header so some of the experts can take a look?
Seeing the headers might be helpful indeed, as suggested by @keat63.
Hello again:
Received: from unknown (HELO bork.domain.com) (119.252.18.x) by 0 with ESMTPS (DHE-RSA-AES256-GCM-SHA384 encrypted); 4 Oct 2019 09:19:01 -0000
Received: (qmail 49057 invoked by uid 89); 4 Oct 2019 09:19:01 -0000
Received: from unknown (HELO ?93.146.196.170?) (cmkadmin1@chad*****kia.com.au@93.146.196.***) by 0 with ESMTPA; 4 Oct 2019 09:18:58 -0000
Received: (qmail 19157 invoked by uid 89); 4 Oct 2019 09:18:59 -0000
Received: from mx7.web*****ot.com ([203.143.**.9]:54780) by or***.dron***.net with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from ) id 1iGJkY-00005d-FN for f****n@pre***.com; Fri, 04 Oct 2019 11:19:49 +0200
Received: fr*** n.dro***.net by o***n.dro*****ia.net with LMTP id sMRZCbUOl11mAQAAZqXNcQ (envelope-from ) for ; Fri, 04 Oct 2019 11:19:49 +0200
Return-Path:
From: "Pre*****ud"
To: =?utf-8?Q?Juan_A.-_Dpto.Formaci=C3=B3n_-_PREFOR?= =?utf-8?Q?_SALUD?=
Subject: [virus GenScript.GGG Troyano] propuesta
Date: Fri, 4 Oct 2019 12:18:55 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
Best regards, Equens.
Hello @equens, do you utilize SpamAssassin on the domain/s receiving these types of emails? Has it flagged them if so? While a filter might be doable - I wonder if you wouldn't be able to get this resolved by going to WHM>>Server Configuration>>Exim Configuration Manager: Experimental: Rewrite From: header to match actual sender
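The check asked about at the top of this thread (an address in the From: display name that differs from the real sender address), sketched in Python as an added example; it is not code from any poster, from Exim or from cPanel. The function name and the sample headers are assumptions, the samples being constructed from the two addresses used in the question.

```python
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Loose pattern: enough to spot something that looks like an address inside
# a display name (not a full RFC 5322 validator).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Display name followed by the real address in angle brackets at the end.
# Split by hand so an unquoted name containing "@" is still seen as a name.
ANGLE_RE = re.compile(r"^(?P<name>.*)<(?P<addr>[^<>]*)>\s*$", re.S)


def spoofed_display_address(from_header):
    """Return the address shown in the display name when it differs from
    the real From: address, otherwise None. (Hypothetical helper name.)"""
    m = ANGLE_RE.match(from_header.strip())
    if not m:
        return None  # bare address: there is no display name to abuse
    real = m.group("addr").strip().lower()
    raw_name = m.group("name")
    # Decode RFC 2047 encoded-words so "=?utf-8?Q?...?=" names are checked too.
    try:
        name = str(make_header(decode_header(raw_name)))
    except (HeaderParseError, LookupError, UnicodeError):
        name = raw_name  # undecodable: fall back to the raw text
    for shown in ADDR_RE.findall(name):
        if shown.lower() != real:
            return shown.lower()
    return None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"company@email.com" <spammer@email.com>',              # quoted name
    'company@email.com <spammer@email.com>',                # unquoted name
    '=?utf-8?Q?company=40email.com?= <spammer@email.com>',  # encoded name
    '"Company Support" <company@email.com>',                # normal name
    '"company@email.com" <Company@Email.com>',              # name == address
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:60} -> {spoofed_display_address(header)}")
```

A header where the display name repeats the real address is not flagged, which avoids false positives on clients that fill the name field with the sender's own address.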