{"id":446,"date":"2021-07-23T12:30:03","date_gmt":"2021-07-23T12:30:03","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/how-to-customize-the-exim-system-filter-file\/"},"modified":"2021-07-23T12:30:03","modified_gmt":"2021-07-23T12:30:03","slug":"how-to-customize-the-exim-system-filter-file","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/how-to-customize-the-exim-system-filter-file\/","title":{"rendered":"How to Customize the Exim System Filter File"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Overview<\/h2>\n
\n
Warning:<\/div>\n
\n The steps in this document are for advanced users only.\n <\/div>\n<\/div>\n

The Exim system filter file scans messages that your server has received, but that it has not yet delivered. To add custom filter rules to your Exim configuration, you may either create custom filter rule files for Exim to include in its configuration, or create a custom Exim system filter file.<\/p>\n

How to create a custom filter rule file<\/h2>\n

To create a custom filter rule file, perform the following steps:<\/p>\n

    \n
  1. Create a file in the \/usr\/local\/cpanel\/etc\/exim\/sysfilter\/options\/<\/code> directory.<\/li>\n
  2. \n

    Within that file, enter your custom filter rules. For example, to block mail from user@example.com<\/code>, add the following rule:<\/p>\n

    \n
    \n\n\n
    \n
    1\n<\/span>2\n<\/span>3\n<\/span><\/code><\/pre>\n<\/td>\n
    		\n
    if<\/span> (\"$h_from:\"<\/span> contains<\/span> \"user@example.com\"<\/span>)\nthen<\/span> fail<\/span>\nendif<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<\/li>\n
  3. \n
    Navigate to WHM\u2019s Exim Configuration Manager<\/em> interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager<\/em>). In the Basic Editor<\/em> section, select the Filters<\/em> tab.<\/p>\n<\/li>\n
  4. \n
    Disable any undesired filter rules.<\/p>\n<\/li>\n
  5. \n
    Click Save<\/em>.<\/p>\n<\/li>\n<\/ol>\n
    \n
    Warning:<\/div>\n
    \n        The Exim configuration enables all of the custom filter rules within the \/usr\/local\/cpanel\/etc\/exim\/sysfilter\/options\/<\/code> directory.\n    <\/div>\n<\/div>\n
    How to create a custom Exim system filter file<\/h2>\n
    \n
    Warning:<\/div>\n
    \n
    Do not<\/strong> directly edit the \/etc\/cpanel_exim_system_filter<\/code> file. The system will lose any changes when your Exim Configuration rebuilds.<\/p>\n<\/p><\/div>\n<\/div>\n
    To create a custom system filter file, perform the following steps:<\/p>\n
      \n
    1. Log in to the server as the root<\/code> user.<\/li>\n
    2. \n
      Run the following command to copy the \/etc\/cpanel_exim_system_filter<\/code> file:\n<\/p>\n
      \n
      cp -<\/span>p \/etc\/c<\/span>panel_exim_system_filter \/etc\/c<\/span>panel_system_filter_new<\/code><\/pre>\n<\/div>\n
      \n
      Warning:<\/div>\n
      \n
      We strongly<\/strong> recommend that you copy this file before you edit it. If you experience problems, use the file to revert your changes.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n
    3. \n
      Confirm that the new file has the following ownership and file permissions:\n<\/p>\n
      \n
      -<\/span>rw-<\/span>r--<\/span>r--<\/span> 1<\/span> root root<\/code><\/pre>\n<\/div>\n<\/li>\n
    4. \n
      Use your preferred text editor to edit the \/etc\/cpanel_system_filter_new<\/code> file.<\/p>\n<\/li>\n
    5. \n
      Navigate to the Basic Editor<\/em> section of  WHM\u2019s Exim Configuration Manager<\/em> interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager<\/em>).<\/p>\n<\/li>\n
    6. \n
      Select the textbox option for the System Filter File<\/em> setting.<\/p>\n
      \n
      Warning:<\/div>\n
      \n
      Regardless of which option you select, the Exim configuration will include all<\/strong> of the files within the \/usr\/local\/cpanel\/etc\/exim\/sysfilter\/options\/<\/code> directory.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n
    7. \n
      Enter the new file\u2019s absolute path in the text box (for example, \/etc\/cpanel_system_filter_new<\/code>).<\/p>\n<\/li>\n
    8. \n
      Click Save<\/em>.<\/p>\n
      \n
      Note:<\/div>\n
      \n
      Exim restarts when you save changes in the Exim Configuration Manager<\/em> interface.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n<\/ol>\n
      For more information about the Exim system filter file, visit Exim\u2019s system filter documentation.<\/p>\n
      How to block additional extensions<\/h2>\n
      The \/etc\/cpanel_exim_system_filter<\/code> file is the system\u2019s default filter file. It contains the following sections:<\/p>\n
        \n
      • Single-part MIME messages with suspicious name extensions.<\/li>\n
      • Single-part MIME messages with suspicious name extensions that use unquoted filenames.<\/li>\n
      • Embedded VBS attachments.<\/li>\n
      • Embedded VBS attachments that use unquoted filenames.<\/li>\n<\/ul>\n
        To block a new extension:<\/p>\n
        \n
        Remember:<\/div>\n
        \n
        Do not<\/strong> directly edit the \/etc\/cpanel_exim_system_filter<\/code> file. The system will lose any changes when your Exim Configuration rebuilds.<\/p>\n<\/p><\/div>\n<\/div>\n
          \n
        1. \n
          Create a custom filter file. To do this, follow steps 1-3 of the How to create a custom Exim system filter file section.<\/p>\n<\/li>\n
        2. \n
          Edit the regular expressions in the following lines:\n<\/p>\n
          \n
          \n\n\n
          \n
          1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span>7\n<\/span><\/code><\/pre>\n<\/td>\n
          		\n
          if<\/span> $<\/span>header_content<\/span>-<\/span>type<\/span>: matches<\/span> \"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")\"<\/span>\n\nif<\/span> $<\/span>header_content<\/span>-<\/span>type<\/span>: matches<\/span> \"(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))\"<\/span>\n\nif<\/span> $<\/span>message_body<\/span> matches<\/span> \"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+\/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]\"<\/span>\n\nif<\/span> $<\/span>message_body<\/span> matches<\/span> \"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+\/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]\"<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
          \n
          Note:<\/div>\n
          \n
          To unblock an extension, remove it from those regular expressions.<\/p>\n<\/p><\/div>\n<\/div>\n
          For example, if you blocked the .foo<\/code> extension, your changes would resemble the following example:<\/p>\n
          \n
          \n\n\n
          \n
          1\n<\/span>2\n<\/span>3\n<\/span>4\n<\/span>5\n<\/span>6\n<\/span>7\n<\/span><\/code><\/pre>\n<\/td>\n
          		\n
          if<\/span> $<\/span>header_content<\/span>-<\/span>type<\/span>: matches<\/span> \"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|foo|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")\"<\/span>\n\nif<\/span> $<\/span>header_content<\/span>-<\/span>type<\/span>: matches<\/span> \"(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|foo|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))\"<\/span>\n\nif<\/span> $<\/span>message_body<\/span> matches<\/span> \"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+\/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|foo|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]\"<\/span>\n\nif<\/span> $<\/span>message_body<\/span> matches<\/span> \"(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+\/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|foo|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]\"<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<\/li>\n
        3. \n
          Log in to WHM as the root<\/code> user.<\/p>\n<\/li>\n
        4. \n
          Navigate to the Filters section of WHM\u2019s Exim Configuration Manager<\/em> interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager<\/em>).<\/p>\n<\/li>\n
        5. \n
          Enter the new filter file\u2019s filepath in the System Filter File<\/em> option\u2019s text box.<\/p>\n<\/li>\n
        6. \n
          Click Save<\/em>.<\/p>\n<\/li>\n<\/ol><\/div>\n","protected":false},"excerpt":{"rendered":"
          Overview Warning: The steps in this document are for advanced users only. The Exim system filter file scans messages that your server has received, but that it has not yet delivered. To add custom filter rules to your Exim configuration, you may either create custom filter rule files for Exim to include in its configuration, …<\/p>\n","protected":false},"author":1,"featured_media":447,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/446"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=446"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/446\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/447"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}