
How can I block spam emails with a fixed subject coming to several domains?

Comments

2 comments

  • cPanelMichael
    Hello :) Have you considered using the "Account Level Filtering" option in cPanel, or is this across multiple accounts? What Exim filter rule did you already try? Thank you.
    0
  • Kent Brockman
    Hello Michael, I've been able to solve it by using the Exim system filter file. Yes, this is to mitigate a spam wave coming randomly to several domains. That's why a global filter is needed. The solution consists in adding the following code somewhere in the middle of /etc/cpanel_exim_system_filter:

    ```
    # Discard mail whose headers contain the blocked domain or whose body
    # contains the text pattern shared by the unsolicited messages.
    # The brackets make "not error_message" apply to both tests; without
    # them, "and" binds tighter than "or" in Exim filter conditions.
    if ($message_headers contains "DOMAIN-TO-BLOCK.com"
        or $message_body contains "TEXT PATTERN USED ACROSS ALL THE UNSOLICITED EMAILS")
       and not error_message
    then
      seen finish
    endif
    ```

    This rule will deliver to a blackhole (/dev/null) all the messages where the headers contain the domain name to block OR the common denominator text pattern (if the spam messages fortunately have something in common, and since it is an elaborate phishing scam, they do). It just worked like a charm. :) It's of note that this method is the best way to stop spam when the source IP of the emails is different in every message. If the source IP were the same, I could easily block them using the Exim Configuration Manager > Blacklisted SMTP IP addresses list... or even block the IP in the firewall.
    0
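
Added example (not part of the original thread, and not cPanel's or Exim's own code): a small Python model of the rule above for dry-running a domain and text pattern against saved messages before a global `seen finish` rule discards mail. It assumes the Exim filter defaults noted in the comments, reports both groupings of the condition because `and` binds tighter than `or` when no brackets are used, and all function names and sample messages are constructed for illustration.

```python
# Offline model of the Exim system filter rule, for dry-running patterns.
# Assumptions (Exim defaults as understood here): "contains" ignores case;
# $message_body is the first 500 characters of the body with newlines turned
# into spaces; error_message is true when the envelope sender is empty.
BODY_VISIBLE = 500  # assumed message_body_visible default


def split_message(raw):
    """Return (headers, body as the filter sees it) for a raw message."""
    headers, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return headers, body[:BODY_VISIBLE].replace("\n", " ")


def contains(text, needle):
    """Case-insensitive substring test, like the filter's 'contains'."""
    return needle.lower() in text.lower()


def evaluate(raw, envelope_sender, domain, pattern):
    """Return the rule's outcome under both groupings (True = discard)."""
    headers, body = split_message(raw)
    in_headers = contains(headers, domain)
    in_body = contains(body, pattern)
    is_bounce = envelope_sender == ""
    return {
        # No brackets: A or (B and not error_message)
        "unbracketed": in_headers or (in_body and not is_bounce),
        # Brackets: (A or B) and not error_message
        "bracketed": (in_headers or in_body) and not is_bounce,
    }


# Constructed sample messages (placeholders, not real traffic).
DOMAIN = "DOMAIN-TO-BLOCK.com"
PATTERN = "TEXT PATTERN USED ACROSS ALL THE UNSOLICITED EMAILS"
SAMPLES = {
    "spam": ("a@domain-to-block.com", "From: a@domain-to-block.com\n\nClick here\n"),
    "bounce": ("", "From: MAILER-DAEMON@example.net\n"
                   "X-Failed-Recipients: x@DOMAIN-TO-BLOCK.com\n\nDelivery failed.\n"),
    "late": ("b@example.org", "From: b@example.org\n\n" + "x" * 600 + " " + PATTERN),
    "wrapped": ("c@example.org", "From: c@example.org\n\nText pattern used across\n"
                                 "all the unsolicited emails\n"),
}

if __name__ == "__main__":
    for name, (sender, raw) in SAMPLES.items():
        print(name, evaluate(raw, sender, DOMAIN, PATTERN))
```

The `bounce` sample is where the two groupings disagree, and the `late` sample shows a pattern that sits beyond the first 500 body characters going unmatched.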
