EXIM - Filters - Need help with blocking all forwarding to external domains
Hello there
Have a server with WHM 110 and Exim 4.96
There is a client with a weird behavior
Any incoming email on the domain is being forwarded to a specific email (unknown to customer) - melvinchristopher774@gmail.com
As i don't see any forwarders setup in WHM i assume there is some rule within email client that forwards every incoming email
Below is example of test email headers
Received: from [10.98.235.37] (helo=$SERVER_HOSTNAME$) - automatic forward
by smtpcorp.com with esmtpsa (TLS1.2:ECDHE_SECP256R1__RSA_SHA512__AES_256_GCM:256)
(Exim 4.96-S2G)
(envelope-from <$MY_EMAIL$>)
id 1qdyjD-ynd3Ri-39
for melvinchristopher774@gmail.com;
Wed, 06 Sep 2023 20:02:19 +0000
Received: from [142.188.166.55] (port=53517 helo=$SERVER_HOSTNAME$) - my test message
by $SERVER_HOSTNAME$ with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from <$MY_EMAIL$>)
id 1qdyi9-0005rT-0d
for $CLIENTS_EMAIL$;
Wed, 06 Sep 2023 16:01:13 -0400
So, to prevent those forwarding from the server side I'm trying to add two filters
1. Filter to discard any attempts to forward emails to that gmail address
if $header_for: contains "melvinchristopher774@gmail.com"
then
fail
endif
This filter is being ignored by Exim for some reason
Tried discard instead of fail - after restarting exim - gives error on sent messages as "unknown option discard"
2. (Filter that will be ideal) - to block any forwarding to non local domains
if $header_for: is not in "${lookup{$header_for:}lsearch;/var/domains.txt}"
then
fail
endif
Local domain file domains.txt has a list of local domains one per line
e.g.
domain1.com
domain2.net
This filter gives the following error
LOG: MAIN PANIC
Error in system filter: "and" or "or" or "then" expected near line 249 of filter file, but found ""${lookup{$header_for:}lsearch;/var/domains.txt}""
delivering 1qdzWn-0000Bs-2c (queue run pid 24935)
Need help with both filters
Thank you in Advance guys
Archie
-
Far from being an expert in this, but I think: - "for" is not a header. The header is "Received:" of which "for" is a part. So you would need to use "$header_received:" or the less specific "$message_headers". - "discard" is not a valid filter command [1], [2]. I've no experience with lookups, but some thoughts: Are they valid in filter files? Is "is [not] in" valid syntax? Altough it is less easily maintainable, it might be easier with a list of domains in the filter file using "or". Hopefully someone with more experience will chime in. [1] 3. Exim filter files [2] 47. System-wide message filtering 0 -
Thanks, @phil99 ! 0 -
Thanks, @phil99! Links helped a lot With an information from emailaddress@domain.com" then save /dev/null finish endif Version 2: if $message_headers: contains "emailaddress@domain.com" then seen finish endif Also Filter can be done with Reject Message to sender : if $message_headers: contains "emailaddress@domain.com" then fail text "Emails to this address are not allowed" #Enter any message you want sender to receive as a reject message endif Keep working on the second filter to discard any emails to external domains Will keep you guys posted on success 0
Please sign in to leave a comment.
Comments
3 comments