PATH:
etc
# Exim filter # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # cPanel System Filter for EXIM # # VERSION = 2.0 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Direct modifications to the /etc/cpanel_exim_system_filter file will be lost when the configuration is # # next rebuilt. To have modifications retained, please use one of the following options: # # # # 1) # # * Place each sysfilter block you wish to include in a unique file at: # # /usr/local/cpanel/etc/exim/sysfilter/options/ # # * Enable or disable the custom block in WHM using: # # Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file] # # # # 2) # # * Create a custom sysfilter file in /etc/ # # * Change the location of the sysfilter file in WHM using: # # Service Configuration => Exim Configuration Manager => Filters => System Filter File # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Only process once # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # if not first_delivery then finish endif # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Ignore "real" errors # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # if error_message and $header_from: contains "Mailer-Daemon@" then finish endif # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments # (Use the Basic Editor in the Exim Configuration Manager in WHM to change) # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf ## ----------------------------------------------------------------------- # Look for single part MIME messages with suspicious name extensions # Check Content-Type header using quoted filename [content_type_quoted_fn_match] if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")" then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finish endif # same again using unquoted filename [content_type_unquoted_fn_match] if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))([\\\\s;]|\\$)" then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finish endif ## ----------------------------------------------------------------------- # Attempt to catch embedded VBS attachments # in emails. These were used as the basis for # the ILOVEYOU virus and its variants - many many varients # Quoted filename - [body_quoted_fn_match] if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]" then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finish endif # same again using unquoted filename [body_unquoted_fn_match] if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]" then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ This form of attachment has been used by\n\ recent viruses or other malware.\n\ If you meant to send this file then please\n\ package it up as a zip file and resend it." seen finish endif ## ----------------------------------------------------------------------- #### Version history # # 0.01 5 May 2000 # Initial release # 0.02 8 May 2000 # Widened list of content-types accepted, added WSF extension # 0.03 8 May 2000 # Embedded the install notes in for those that don't do manuals # 0.04 9 May 2000 # Check global content-type header. Efficiency mods to REs # 0.05 9 May 2000 # More minor efficiency mods, doc changes # 0.06 20 June 2000 # Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan # 0.07 19 July 2000 # Latest MS Outhouse bug catching # 0.08 19 July 2000 # Changed trigger length to 80 chars, fixed some spelling # 0.09 29 September 2000 # More extensions... its getting so we should just allow 2 or 3 through # 0.10 18 January 2001 # Removed exclusion for error messages - this is a little nasty # since it has other side effects, hence we do still exclude # on unix like error messages # 0.11 20 March, 2001 # Added CMD extension, tidied docs slightly, added RCS tag # ** Missed changing version number at top of file :-( # 0.12 10 May, 2001 # Added HTA extension # 0.13 22 May, 2001 # Reformatted regexps and code to build them so that they are # shorter than the limits on pre exim 3.20 filters. This will # make them significantly less efficient, but I am getting so # many queries about this that requiring 3.2x appears unsupportable. # 0.14 15 August,2001 # Added .lnk extension - most requested item :-) # Reformatted everything so its now built from a set of short # library files, cutting down on manual duplication. # Changed \w in filename detection to . - dodges locale problems # Explicit application of GPL after queries on license status # 0.15 17 August, 2001 # Changed the . in filename detect to \S (stops it going mad) # 0.16 19 September, 2001 # Pile of new extensions including the eml in current use # 0.17 19 September, 2001 # Syntax fix # #### Install Notes # # Exim filters run the exim filter language - a very primitive # scripting language - in place of a user .forward file, or on # a per system basis (on all messages passing through). # The filtering capability is documented in the main set of manuals # a copy of which can be found on the exim web site # http://www.exim.org/ # # To install, copy the filter file (with appropriate permissions) # to /etc/exim/system_filter.exim and add to your exim config file # [location is installation depedant - typicaly /etc/exim/config ] # in the first section the line:- # message_filter = /etc/exim/system_filter.exim # message_body_visible = 5000 # # You may also want to set the message_filter_user & message_filter_group # options, but they default to the standard exim user and so can # be left untouched. The other message_filter_* options are only # needed if you modify this to do other functions such as deliveries. # The main exim documentation is quite thorough and so I see no need # to expand it here... # # Any message that matches the filter will then be bounced. # If you wish you can change the error message by editing it # in the section above - however be careful you don't break it. # # After install exim should be restarted - a kill -HUP to the # daemon will do this. # #### LIMITATIONS # # This filter tries to parse MIME with a regexp... that doesn't # work too well. It will also only see the amount of the body # specified in message_body_visible # #### BASIS # # The regexp that is used to pickup MIME/uuencoded body parts with # quoted filenames is replicated below (in perl format). # You need to remember that exim converts newlines to spaces in # the message_body variable. # # (?:Content- # start of content header # (?:Type: (?>\s*) # rest of c/t header # [\w-]+/[\w-]+ # content-type (any) # |Disposition: (?>\s*) # content-disposition hdr # attachment) # content-disposition # ;(?>\s*) # ; space or newline # (?:file)?name= # filename=/name= # |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode # (\"[^\"]+\. # quoted filename. # (?:ad[ep] # list of extns # |ba[st] # |chm # |cmd # |com # |cpl # |crt # |eml # |exe # |hlp # |hta # |in[fs] # |isp # |jse? # |lnk # |md[be] # |ms[cipt] # |pcd # |pif # |reg # |scr # |sct # |shs # |url # |vb[se] # |ws[fhc]) # \" # end quote # ) # end of filename capture # [\s;] # trailing ;/space/newline # # ### [End] # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite # (Use the Basic Editor in the Exim Configuration Manager in WHM to change) # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf if "${if def:header_X-Spam-Subject: {there}}" is there then headers remove Subject headers add "Subject: $rh_X-Spam-Subject:" headers remove X-Spam-Subject endif # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
[+]
..
[-] virc
[edit]
[-] at.deny
[edit]
[-] elinks.conf
[edit]
[-] makedumpfile.conf.sample
[edit]
[-] cpanel_mail_netblocks
[edit]
[-] nsswitch.conf
[edit]
[-] screenrc
[edit]
[-] letsencrypt-cpanel.licence
[edit]
[-] system-release
[edit]
[-] trueuserdomains
[edit]
[+]
dovecot
[-] grub2.cfg
[edit]
[-] named.iscdlv.key
[edit]
[-] ipaddrpool
[edit]
[-] exim.crt
[edit]
[-] rpc
[edit]
[-] recent_recipient_mail_server_ips
[edit]
[+]
ld.so.conf.d
[-] profile
[edit]
[-] relayhostsusers
[edit]
[-] exim.conf.local
[edit]
[-] os-release
[edit]
[+]
nginx
[-] mtab
[edit]
[-] npmrc
[edit]
[-] inittab
[edit]
[-] trueuserowners
[edit]
[-] outgoing_mail_hold_users
[edit]
[-] exim.key
[edit]
[-] passwd-
[edit]
[-] lynx.lss
[edit]
[-] demousers
[edit]
[+]
cron.hourly
[+]
gssproxy
[-] localdomains
[edit]
[+]
dbus-1
[+]
gnupg
[+]
firewalld
[-] environment
[edit]
[+]
kernel
[-] magic
[edit]
[-] wwwacct.conf.cache
[edit]
[-] digestshadow
[edit]
[-] domain_secondary_mx_ips.cdb
[edit]
[-] netconfig
[edit]
[+]
ppp
[+]
request-key.d
[+]
rc1.d
[-] userdatadomains
[edit]
[-] cpupdate.conf
[edit]
[+]
egl
[-] els-release
[edit]
[-] rc.local
[edit]
[+]
ImageMagick-6
[+]
cron.daily
[+]
init.d
[-] lynx-site.cfg
[edit]
[-] sestatus.conf
[edit]
[-] odbcinst.ini
[edit]
[-] outgoing_mail_suspended_users
[edit]
[+]
pki
[+]
xinetd.d
[-] sudo.conf
[edit]
[+]
modules-load.d
[-] ssldomains
[edit]
[-] pure-ftpd.pem
[edit]
[-] statetab
[edit]
[+]
xml
[-] group-
[edit]
[-] exim_trusted_configs
[edit]
[-] greylist_common_mail_providers
[edit]
[+]
rsyslog.d
[-] userplans
[edit]
[+]
cagefs
[+]
krb5.conf.d
[-] named.conf.precpanelinstall
[edit]
[-] letsencrypt-cpanel.conf
[edit]
[+]
default
[+]
udev
[-] bashrc
[edit]
[+]
rc.d
[-] secondarymx
[edit]
[+]
wafd_imunify
[+]
vdomainaliases
[-] shells
[edit]
[-] named.rfc1912.zones
[edit]
[-] networks
[edit]
[-] shadow.nouids.cache
[edit]
[-] mke2fs.conf
[edit]
[-] dbowners
[edit]
[-] suphp.conf.rpmnew
[edit]
[-] favicon.png
[edit]
[-] cron.deny
[edit]
[+]
libpaper.d
[+]
ssh
[-] redhat-release
[edit]
[-] exim.conf.mailman2.exiscan.dist
[edit]
[-] mailips
[edit]
[-] passwd.nouids.cache
[edit]
[-] protocols
[edit]
[-] eximrejects
[edit]
[+]
selinux
[-] domainusers
[edit]
[+]
logrotate.d
[-] rsyncd.conf
[edit]
[+]
rc4.d
[-] backupmxhosts
[edit]
[-] filesystems
[edit]
[-] issue.net
[edit]
[+]
skel
[-] nsswitch.conf.bak
[edit]
[-] named.conf.prerebuilddnsconfig
[edit]
[+]
audisp
[-] mime.types
[edit]
[-] named.conf.rebuilddnsconfig
[edit]
[-] centos-release
[edit]
[+]
dsniff
[+]
mail
[+]
modprobe.d
[-] vconsole.conf
[edit]
[-] nanorc
[edit]
[+]
alternatives
[-] lynx.cfg
[edit]
[-] yum.conf
[edit]
[-] centos-release-upstream
[edit]
[-] request-key.conf
[edit]
[-] libuser.conf
[edit]
[+]
sgml
[+]
imunify360
[-] e2fsck.conf
[edit]
[-] mailcap
[edit]
[-] exim.conf
[edit]
[-] nscd.conf
[edit]
[-] crontab
[edit]
[-] vdpau_wrapper.cfg
[edit]
[-] dracut.conf
[edit]
[+]
pulse
[-] p0fdisable
[edit]
[-] nfs.conf
[edit]
[+]
pdns
[-] shadow
[edit]
[+]
pkcs11
[+]
pure-ftpd
[-] senderverifybypasshosts
[edit]
[-] userdomains
[edit]
[-] cpsources.conf.plugins.example
[edit]
[+]
binfmt.d
[-] gshadow-
[edit]
[-] antivirus.exim
[edit]
[+]
vfilters
[-] .pwd.lock
[edit]
[-] named.root.key
[edit]
[+]
imunify-agent-proxy
[+]
X11
[-] eximmailtrap
[edit]
[+]
chkconfig.d
[-] printcap
[edit]
[-] userbwlimits
[edit]
[+]
audit
[-] fstab
[edit]
[-] skipsmtpcheckhosts
[edit]
[-] trustedmailhosts
[edit]
[+]
sasl2
[-] domainips
[edit]
[-] issue
[edit]
[+]
rc5.d
[-] lock_manager_local.ini
[edit]
[+]
sysctl.d
[-] DIR_COLORS
[edit]
[-] ftpd-ca.pem
[edit]
[-] userdatadomains.json
[edit]
[-] asound.conf
[edit]
[-] mailbox_formats
[edit]
[+]
my.cnf.d
[-] group
[edit]
[+]
cron.d
[-] blocked_incoming_email_countries
[edit]
[+]
rc0.d
[-] DIR_COLORS.256color
[edit]
[-] sudo-ldap.conf
[edit]
[-] libaudit.conf
[edit]
[+]
snmp
[-] wwwacct.conf.shadow
[edit]
[-] blocked_incoming_email_domains
[edit]
[+]
cpanel
[+]
statetab.d
[-] wwwacct.conf
[edit]
[-] .updated
[edit]
[-] exim.pl.local
[edit]
[-] host.conf
[edit]
[-] suphp.conf
[edit]
[+]
chkserv.d
[-] cpspamd.conf
[edit]
[+]
ghostscript
[-] trusted-key.key
[edit]
[+]
sysconfig
[-] machine-id
[edit]
[+]
openldap
[-] domain_remote_mx_ips.cdb
[edit]
[-] wgetrc
[edit]
[-] webspam
[edit]
[+]
fastcomet
[-] passwd.cache
[edit]
[-] hosts
[edit]
[-] relayhosts
[edit]
[+]
popt.d
[-] .whostmgrft
[edit]
[+]
exports.d
[-] gshadow
[edit]
[+]
rwtab.d
[-] stats.conf
[edit]
[+]
dhcp
[-] papersize
[edit]
[-] exim.conf.localopts
[edit]
[-] adjtime
[edit]
[-] exim_suspended_list
[edit]
[+]
prelink.conf.d
[+]
mc
[+]
named
[+]
dracut.conf.d
[+]
plymouth
[+]
rc6.d
[+]
depmod.d
[-] pure-ftpd.conf.rpmnew
[edit]
[-] kdump.conf
[edit]
[-] system-release-cpe
[edit]
[-] ips
[edit]
[+]
yum
[-] hosts.allow
[edit]
[+]
sudoers.d
[+]
groff
[+]
cron.weekly
[+]
scl
[-] sudoers
[edit]
[-] exim.conf.dist
[edit]
[+]
valiases
[+]
qemu-ga
[-] pure-ftpd.conf.i360bak
[edit]
[-] named.conf.cache
[edit]
[+]
pm
[-] mail.rc
[edit]
[-] nfsmount.conf
[edit]
[-] remotedomains
[edit]
[-] ethertypes
[edit]
[+]
ssl
[-] manualmx
[edit]
[-] nsswitch.conf.rpmnew
[edit]
[-] tcsd.conf
[edit]
[-] GREP_COLORS
[edit]
[-] services
[edit]
[-] csh.cshrc
[edit]
[-] exim.pl
[edit]
[-] aliases.rpmnew
[edit]
[+]
fonts
[+]
rpm
[-] demouids
[edit]
[-] recent_authed_mail_ips_users
[edit]
[+]
yum.repos.d
[+]
apache2
[+]
csf
[+]
smartmontools
[-] idmapd.conf
[edit]
[-] shadow-
[edit]
[-] man_db.conf
[edit]
[-] hostname
[edit]
[+]
profile.d
[-] email_send_limits
[edit]
[-] named.conf.zonedir.cache
[edit]
[+]
NetworkManager
[+]
xdg
[-] logrotate.conf
[edit]
[+]
dpkg
[-] eximrejects.rpmorig
[edit]
[-] motd
[edit]
[+]
opt
[+]
gss
[-] localaliases
[edit]
[-] neighbor_netblocks
[edit]
[-] ftpd-rsa.pem
[edit]
[-] wwwacct.conf.shadow.cache
[edit]
[+]
polkit-1
[+]
bash_completion.d
[-] spammers
[edit]
[-] resolv.conf
[edit]
[+]
proftpd
[-] subgid
[edit]
[-] hosts.deny
[edit]
[-] aliases
[edit]
[+]
cron.monthly
[-] cpanel_exim_system_filter
[edit]
[-] whois.conf
[edit]
[+]
pam.d
[-] userips
[edit]
[-] sysctl.conf
[edit]
[-] csh.login
[edit]
[+]
bitninja
[-] inputrc
[edit]
[+]
iproute2
[+]
openal
[-] trusted_mail_users
[edit]
[-] localtime
[edit]
[+]
python
[-] GeoIP.conf
[edit]
[-] exports
[edit]
[+]
libnl
[+]
container
[-] passwd
[edit]
[-] crypttab
[edit]
[-] greylist_trusted_netblocks
[edit]
[+]
terminfo
[+]
rc2.d
[-] mailhelo
[edit]
[-] krb5.conf
[edit]
[-] my.cnf
[edit]
[+]
systemd
[+]
glvnd
[+]
tuned
[+]
gcrypt
[-] securetty
[edit]
[-] named.conf
[edit]
[-] pure-ftpd.conf
[edit]
[-] .letsencrypt-cpanel-api-token
[edit]
[-] demodomains
[edit]
[-] exim.conf.mailman2.dist
[edit]
[-] nocgiusers
[edit]
[-] DIR_COLORS.lightbgcolor
[edit]
[-] rsyslog.conf
[edit]
[-] anacrontab
[edit]
[-] recent_authed_mail_ips
[edit]
[-] rwtab
[edit]
[-] vimrc
[edit]
[+]
tmpfiles.d
[-] blocked_incoming_email_country_ips
[edit]
[-] login.defs
[edit]
[+]
grub.d
[+]
sw-engine
[-] ld.so.cache
[edit]
[-] subuid
[edit]
[-] ftpd-rsa-key.pem
[edit]
[+]
imunify360-webshield
[-] spammeripblocks
[edit]
[-] ld.so.conf
[edit]
[+]
cl.selector
[+]
security
[-] locale.conf
[edit]
[+]
rc3.d
[+]
wpa_supplicant
![[edit]](?e=favicon.png&p=%2Fetc){kind=link}